Project

General

Profile

Actions

Bug #1904

closed

modbus: duplicate alerts / detection unaware of direction

Added by Victor Julien about 5 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

In the current master a rule like this

alert modbus any any -> any any (msg:"Start electric motor"; modbus: access write holding, address 521, value 2; sid:6; rev:1; )

Will match both on the toserver and toclient direction regardless of which direction this command was send in. This is because the detection logic is unaware of direction.

Maybe related to #1574.

Actions #1

Updated by David DIALLO over 3 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100
Actions #2

Updated by David DIALLO over 3 years ago

  • Status changed from Resolved to Closed
Actions #3

Updated by Victor Julien over 3 years ago

  • Target version changed from 70 to 4.1beta1

Can you add a link to the PR?

Actions

Also available in: Atom PDF