Bug #5161

closed

smb: file not tracked on smb2 async

Added by Angelo Mirabella about 2 years ago. Updated over 1 year ago.

Status: Closed
Priority: Normal

Description

Suricata fails to alert on an SMB signature related to a file extraction.

Investigating the issue a bit, the "file_data" keyword does not match (PrefilterTxFiledata) because a file is never seen by Suricata.

Attaching pcap and signature.


Files

test.pcap (3.27 MB), Angelo Mirabella, 02/24/2022 02:44 PM
test.rule (139 Bytes), Angelo Mirabella, 02/24/2022 02:44 PM

Subtasks 1 (0 open, 1 closed)

Bug #5715: smb: file not tracked on smb2 async (6.0.x backport) (Closed, Victor Julien)

Related issues 1 (0 open, 1 closed)

Related to Suricata - Bug #5508: SMB2 async responses are not matched with its request (Closed, Philippe Antoine)

#1

Updated by Victor Julien over 1 year ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Philippe Antoine
  • Target version changed from TBD to 7.0.0-rc1
#2

Updated by Philippe Antoine over 1 year ago

  • Status changed from Assigned to In Review
#3

Updated by Philippe Antoine over 1 year ago

  • Status changed from In Review to Closed
#4

Updated by Victor Julien over 1 year ago

  • Status changed from Closed to Resolved
#5

Updated by Victor Julien over 1 year ago

  • Subject changed from Suricata fails to see SMB file to smb: file not tracked on smb2 async
#6

Updated by Victor Julien over 1 year ago

  • Subtask #5715 added
#7

Updated by Victor Julien over 1 year ago

  • Status changed from Resolved to Closed
#8

Updated by Victor Julien over 1 year ago

  • Related to Bug #5508: SMB2 async responses are not matched with its request added