Bug #208: regression v100 and git today cause FN - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #208

closed

regression v100 and git today cause FN

Added by rmkml rmkml almost 14 years ago. Updated almost 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

OISF Dev

Target version:

1.0.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Hi,
Congratulations for first Suricata release.
with two rules and joigned pcap file, I have a FN (no alert):
alert tcp any any -> any 25 (msg:"suricata smtp"; flow:to_server,established; content:"EHLO "; nocase; depth:5; classtype:attempted-user; sid:9404481; rev:1;)
alert tcp any any <> any 0 (msg:"BAD TRAFFIC tcp port 0 traffic"; flow:stateless; classtype:misc-activity; sid:524; rev:8;)
If you disable (second) sid 524, (first) sid 9404481 fire.
tested with v1.0.0 and git today (102092a89c8c48080853e9402325b4ee0e114697).
no FN (alert) on v0.9.2 or v0.9.1.
Please Check.
Regards
Rmkml

Files

suricatafnsmtpflowstateless.pcap (845 Bytes) suricatafnsmtpflowstateless.pcap

rmkml rmkml, 07/13/2010 03:23 PM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #208

regression v100 and git today cause FN

Updated by Victor Julien almost 14 years ago

Updated by Will Metcalf almost 14 years ago

Updated by Will Metcalf almost 14 years ago