Project

General

Profile

Actions

Bug #3339

closed

Missing community ID in smb, rdp, tftp, dhcp

Added by Eric Leblond about 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
High
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 5.0

Description

The function JsonAddCommonOptions is not called in SMB, RDP, TFTP and DHCP protocols resulting in Community ID not to be present even if asked.

In the case of SMB and RDP this is clearly missing. For TFTP and DHCP, this could be discussed as we have no real flow. But other tools should be able to build the same community ID so it seems ok to have it.


Related issues 2 (0 open2 closed)

Copied to Suricata - Bug #3804: Missing community ID in smb, rdp, tftp, dhcpClosedJeff LucovskyActions
Copied to Suricata - Bug #3810: Missing community ID in smb, rdp, tftp, dhcpClosedJeff LucovskyActions
Actions #1

Updated by Eric Leblond about 5 years ago

This is fixed in this code https://github.com/regit/suricata/tree/forensic-mode that should reach PR state soon but it may be a bit too intrusive for the Suricata 5.0.

Actions #2

Updated by Andreas Herz almost 5 years ago

  • Assignee set to Eric Leblond
  • Target version set to 70
Actions #3

Updated by Victor Julien over 4 years ago

  • Assignee changed from Eric Leblond to OISF Dev
Actions #4

Updated by Victor Julien over 4 years ago

  • Priority changed from Normal to High
Actions #5

Updated by Sascha Steinbiss over 4 years ago

fileinfo is also affected (5.0.3). Any chance of this making it as a separate PR?

Actions #6

Updated by Jeff Lucovsky over 4 years ago

  • Status changed from New to In Review
  • Assignee changed from OISF Dev to Jeff Lucovsky
  • Label Needs backport to 5.0 added
Actions #7

Updated by Victor Julien over 4 years ago

  • Target version changed from 70 to 6.0.0beta1
Actions #8

Updated by Jeff Lucovsky over 4 years ago

  • Copied to Bug #3804: Missing community ID in smb, rdp, tftp, dhcp added
Actions #9

Updated by Jeff Lucovsky over 4 years ago

  • Status changed from In Review to Closed
Actions #10

Updated by Jeff Lucovsky over 4 years ago

  • Copied to Bug #3810: Missing community ID in smb, rdp, tftp, dhcp added
Actions

Also available in: Atom PDF