Bug #3772: DNP3 probing parser does not detect the proper direction in midstream - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #3772

closed

DNP3 probing parser does not detect the proper direction in midstream

Added by Philippe Antoine almost 4 years ago. Updated over 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

6.0.0

Affected Versions:

5.0.3

Effort:

Difficulty:

Label:

Needs backport, Protocol

Description

From https://github.com/OISF/suricata/pull/5063/files#r438691794

Reproducer with attached pcap, run with --set stream.midstream=true

DNP3ProbingParser should set *rdir = 1 with the right conditions
Wireshark filter dnp3.ctl & 0x80 indicates a request

Files

dnp3_confirm.pcap (121 Bytes) dnp3_confirm.pcap

Philippe Antoine, 06/16/2020 07:30 AM

Related issues 2 (0 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

	Copied to Suricata - Bug #3793: DNP3 probing parser does not detect the proper direction in midstream	Rejected					Actions
	Copied to Suricata - Bug #3794: DNP3 probing parser does not detect the proper direction in midstream	Closed	Jeff Lucovsky				Actions

Project

General

Profile

Suricata

Custom queries

Bug #3772

DNP3 probing parser does not detect the proper direction in midstream

Updated by Philippe Antoine almost 4 years ago

Updated by Jeff Lucovsky almost 4 years ago

Updated by Jeff Lucovsky almost 4 years ago

Updated by Victor Julien almost 4 years ago

Updated by Victor Julien almost 4 years ago

Updated by Philippe Antoine over 3 years ago

Updated by Philippe Antoine over 3 years ago

Updated by Victor Julien over 3 years ago

Updated by Victor Julien over 3 years ago