Open Information Security Foundation | https://redmine.openinfosecfoundation.org/
Suricata - Security #2736: DNS Golden Transaction ID - detection bypass
https://redmine.openinfosecfoundation.org/issues/2736?journal_id=10654 | 2018-12-11T15:29:15Z | Alexey Vishnyakov
<ul><li><strong>File</strong> <a href="/attachments/1602">dns.zip</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/1602/dns.zip">dns.zip</a> added</li></ul>
https://redmine.openinfosecfoundation.org/issues/2736?journal_id=10696 | 2018-12-19T08:58:39Z | Victor Julien (victor@inliniac.net)
<ul><li><strong>Assignee</strong> set to <i>Victor Julien</i></li></ul><p>Both are known weaknesses in protocol detection. The magic 0x4000 triggers the dcerpc protocol detection, so Suricata then considers it dcerpc. This really requires a rewrite/upgrade of the protocol detection engine. This is something we hope to do for 5.0. I'll see if I can create some hack to fix this specific issue.</p>
<p>The 6594 pcap triggers the teredo detection. We've had issues with this before. I'm trying to see if I can make the teredo probing stricter.</p>
https://redmine.openinfosecfoundation.org/issues/2736?journal_id=10699 | 2018-12-19T19:34:39Z | Victor Julien (victor@inliniac.net)
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Target version</strong> set to <i>4.1.2</i></li></ul>
https://redmine.openinfosecfoundation.org/issues/2736?journal_id=10703 | 2018-12-20T09:14:00Z | Victor Julien (victor@inliniac.net)
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Closed</i></li></ul><p>Fixes/workarounds in <a class="external" href="https://github.com/OISF/suricata/pull/3590">https://github.com/OISF/suricata/pull/3590</a></p>
https://redmine.openinfosecfoundation.org/issues/2736?journal_id=10937 | 2019-02-16T15:03:26Z | Victor Julien (victor@inliniac.net)
<ul><li><strong>Copied to</strong> <i><a class="issue tracker-1 status-5 priority-5 priority-high3 closed" href="/issues/2827">Bug #2827</a>: DNS Golden Transaction ID - detection bypass (4.0.x)</i> added</li></ul>
https://redmine.openinfosecfoundation.org/issues/2736?journal_id=17293 | 2020-09-01T09:00:22Z | Victor Julien (victor@inliniac.net)
<ul><li><strong>Tracker</strong> changed from <i>Bug</i> to <i>Security</i></li><li><strong>CVE</strong> set to <i>2019-1010251</i></li><li><strong>Git IDs</strong> updated (<a title="View differences" href="/journals/17293/diff?detail_id=17815">diff</a>)</li></ul>