Project

General

Profile

Actions

Bug #523

closed

stream: invalid stream event when suricata sees 3whs ACK, but server doesn't

Added by Victor Julien over 11 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Basically, we've got SYN, SYN ACK, ACK but ACK did not seem to be received and we've got a new SYN ACK. Which is ACKed once more.

Suricata triggers an alert:
08/16/2012-07:55:05.913557 [**] [1:2210022:1] SURICATA STREAM ESTABLISHED SYNACK resend [**] [Classification: (null)] [Priority: 3] {TCP} 62.93.195.148:80 -> 192.168.0.102:47146


Files

strange-tcp-session.pcap (632 Bytes) strange-tcp-session.pcap Victor Julien, 08/16/2012 05:40 AM
Actions #1

Updated by Victor Julien over 11 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Fixed by c51a3aad17778da8912bf5b971370e406881ba50

Actions

Also available in: Atom PDF