Bug #213: Fail to alert on sid 2000571 - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #213

closed

JS VJ

Fail to alert on sid 2000571

Bug #213: Fail to alert on sid 2000571

Added by Josh Smith almost 16 years ago. Updated almost 16 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

1.0.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Suricata fails to alert on sid 2000571. Snort alerts on it.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY AOL Webmail Message Send"; flow: to_server,established; uricontent:"/compose_frame.adp"; content:"POST"; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2000571; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_AOL_Webmail; sid:2000571; rev:6;)

Files

2000571.pcap (642 Bytes) 2000571.pcap

Josh Smith, 07/16/2010 02:29 PM

WM Updated by Will Metcalf almost 16 years ago Actions
Copy link
#1

Seems to fire for me will load it the test rig to see if it's consistent.

VJ Updated by Victor Julien almost 16 years ago Actions
Copy link
#2

Status changed from New to Closed
Assignee changed from OISF Dev to Victor Julien
% Done changed from 0 to 100

Should be fixed by commit 0d008c8135a76f0d22cf0fc6f9276ef93385c89a

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Bug #213

Fail to alert on sid 2000571

WM Updated by Will Metcalf almost 16 years ago Actions
Copy link
#1

VJ Updated by Victor Julien almost 16 years ago Actions
Copy link
#2

Project

General

Profile

Suricata

Custom queries

Bug #213

Fail to alert on sid 2000571

WM Updated by Will Metcalf almost 16 years ago ActionsCopy link #1

VJ Updated by Victor Julien almost 16 years ago ActionsCopy link #2

WM Updated by Will Metcalf almost 16 years ago Actions
Copy link
#1

VJ Updated by Victor Julien almost 16 years ago Actions
Copy link
#2