Bug #214: Fail to alert on sid 2009800 - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #214

closed

JS OD

Fail to alert on sid 2009800

Bug #214: Fail to alert on sid 2009800

Added by Josh Smith almost 16 years ago. Updated almost 16 years ago.

Status:

Closed

Priority:

Normal

Assignee:

OISF Dev

Target version:

1.0.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Suricata fails to alert on sid 2009800.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Carbonite.com Backup Software Leaking MAC Address"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/manage.old/sun/signup.aspx?MACAddresses=MAC"; nocase; uricontent:"ShowCount="; nocase; classtype:policy-violation; reference:url,doc.emergingthreats.net/2009800; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Carbonite; sid:2009800; rev:3;)

Files

Download all files

2009800.pcap (677 Bytes) 2009800.pcap		Josh Smith, 07/16/2010 02:32 PM
emerging-all.rules (4.61 MB) emerging-all.rules	emerging-all.rules used for this test	Will Metcalf, 07/20/2010 07:59 AM

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Bug #214

Fail to alert on sid 2009800

WM Updated by Will Metcalf almost 16 years ago Actions
Copy link
#1

WM Updated by Will Metcalf almost 16 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 16 years ago Actions
Copy link
#3

Project

General

Profile

Suricata

Custom queries

Bug #214

Fail to alert on sid 2009800

WM Updated by Will Metcalf almost 16 years ago ActionsCopy link #1

WM Updated by Will Metcalf almost 16 years ago ActionsCopy link #2

VJ Updated by Victor Julien almost 16 years ago ActionsCopy link #3

WM Updated by Will Metcalf almost 16 years ago Actions
Copy link
#1

WM Updated by Will Metcalf almost 16 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 16 years ago Actions
Copy link
#3