Project

General

Profile

Actions
Copy link

Bug #4198

closed
SB SB

dcerpc: no alert triggered with dce opnum in 6.0

Bug #4198: dcerpc: no alert triggered with dce opnum in 6.0

Added by Shivani Bhardwaj over 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
High
Assignee:
Shivani Bhardwaj
Target version:
7.0.0-beta1
Affected Versions:
6.0.0
Effort:
Difficulty:
Label:
Needs backport to 6.0

Description

For the attached suricata-verify test, alert is not triggered for rules in the file named ".broken.rules". The only diff this file has from the other rule file is an opnum to match against.

via Jeff Lucovsky via Corelight researcher

Files

zerologon-suri.tar.gz (36.7 KB) zerologon-suri.tar.gz Shivani Bhardwaj, 12/03/2020 11:48 PM

Related issues 1 (0 open1 closed)

Copied to Suricata - Bug #4312: dcerpc: no alert triggered with dce opnum in 6.0ClosedShivani BhardwajActions

SB Updated by Shivani Bhardwaj over 5 years ago Actions
Copy link
 #1

  • Description updated (diff)

VJ Updated by Victor Julien about 5 years ago Actions
Copy link
 #2

  • Target version changed from 6.0.2 to 7.0.0-beta1
  • Label Needs backport to 6.0 added

Have you started looking at this?

JL Updated by Jeff Lucovsky about 5 years ago Actions
Copy link
 #3

  • Copied to Bug #4312: dcerpc: no alert triggered with dce opnum in 6.0 added

SB Updated by Shivani Bhardwaj about 5 years ago Actions
Copy link
 #4

  • Status changed from Assigned to Closed
Actions
Copy link

Also available in: PDF Atom