Actions
Bug #2102
closedRules with dual sid do not error
Affected Versions:
Effort:
Difficulty:
Label:
Description
The following rules do not error in Suricata 3.2.1 or Suricata version 4.0dev (rev 3ff5dc3):
alert tcp any any -> any any (msg:"DUAL SID TEST"; content:"10dc303535874aeccc86a8251e6992f5"; sid:3031; sid:3031; rev:1;)
alert tcp any any -> any any (msg:"DUAL SID TEST"; content:"10dc303535874aeccc86a8251e6992f5"; sid:3032; sid:3033; rev:1;)
It appears to pick the latter one when presented with two:
09/12/2016-14:51:13.407898 [**] [1:3033:1] DUAL SID TEST [**] [Classification: (null)] [Priority: 3] {TCP} 172.16.71.200:42439 -> 172.16.71.162:88
Updated by Andreas Herz over 7 years ago
- Assignee set to Andreas Herz
- Target version set to TBD
Updated by Andreas Herz about 7 years ago
- Status changed from New to Closed
Updated by Andreas Herz about 7 years ago
- Target version changed from TBD to 4.0.1
Actions