Bug #215

closed

Fail to alert on sid 2009301

Added by Josh Smith over 13 years ago. Updated over 13 years ago.

Status: Closed
Priority: Normal

Description

Suricata fails to alert on sid 2009301.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Megaupload file download service access"; flow:to_server,established; content:"GET "; depth: 4; uricontent:"/?d="; content:"|0d 0a|Host\: "; content:"megaupload.com"; within:25; nocase; classtype:policy-violation; reference:url,doc.emergingthreats.net/2009301; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Download_Services; sid:2009301; rev:2;)


Files

2009301.pcap (652 Bytes) Josh Smith, 07/16/2010 02:39 PM
Actions #1

Updated by Will Metcalf over 13 years ago

Seems to fire for me. Will load it into the test rig to see if it's consistent.

Actions #2

Updated by Will Metcalf over 13 years ago

Seems to be the same behavior as bug #214. Using the emerging-all.rules included in that bug it fails to fire 8 out of 10 times locally for me.

Actions #3

Updated by Victor Julien over 13 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Should be fixed by commit 0d008c8135a76f0d22cf0fc6f9276ef93385c89a
