Project

General

Profile

Actions

Bug #1904

closed

modbus: duplicate alerts / detection unaware of direction

Added by Victor Julien over 7 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

In the current master a rule like this

alert modbus any any -> any any (msg:"Start electric motor"; modbus: access write holding, address 521, value 2; sid:6; rev:1; )

Will match both on the toserver and toclient direction regardless of which direction this command was send in. This is because the detection logic is unaware of direction.

Maybe related to #1574.

Actions

Also available in: Atom PDF