Project

General

Profile

Actions
Copy link

Bug #4312

closed
JL SB

dcerpc: no alert triggered with dce opnum in 6.0

Bug #4312: dcerpc: no alert triggered with dce opnum in 6.0

Added by Jeff Lucovsky about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
High
Assignee:
Shivani Bhardwaj
Target version:
6.0.2
Affected Versions:
6.0.0
Effort:
Difficulty:
Label:

Description

For the attached suricata-verify test, alert is not triggered for rules in the file named ".broken.rules". The only diff this file has from the other rule file is an opnum to match against.

via Jeff Lucovsky via Corelight researcher

Files

zerologon-suri.tar.gz (36.7 KB) zerologon-suri.tar.gz Shivani Bhardwaj, 12/03/2020 11:48 PM

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #4198: dcerpc: no alert triggered with dce opnum in 6.0ClosedShivani BhardwajActions

JL Updated by Jeff Lucovsky about 5 years ago Actions
Copy link
 #1

  • Copied from Bug #4198: dcerpc: no alert triggered with dce opnum in 6.0 added

VJ Updated by Victor Julien about 5 years ago Actions
Copy link
 #2

  • Status changed from Assigned to In Progress

SB Updated by Shivani Bhardwaj about 5 years ago Actions
Copy link
 #3

  • Status changed from In Progress to Closed
Actions
Copy link

Also available in: PDF Atom