Actions
Bug #5379
closeddetect/udp: different detection from rules when UDP/TCP header is broken
Affected Versions:
Effort:
Difficulty:
Label:
Description
As reported in the forum: https://forum.suricata.io/t/different-detection-from-rules-when-udp-header-is-broken/2527
The rule
alert udp $EXTERNAL_NET :1024 <> $HOME_NET 0 (msg:"UDP Port 0"; sid:1;)
Generates alert with broken UDP packets (pcap attached):
05/30/2022-12:34:15.240177 [**] [1:1:0] UDP Port 0 [**] [Classification: (null)] [Priority: 3] {UDP} 192.168.100.102:0 -> 192.0.2.1:0
Files
Updated by Juliana Fajardini Reichow over 2 years ago
The user who reported the issue said that a similar error also occurred with TCP traffic.
Updated by Juliana Fajardini Reichow over 2 years ago
- Subject changed from detect/udp: different detection from rules when UDP header is broken to detect/udp: different detection from rules when UDP/TCP header is broken
Updated by Victor Julien about 2 years ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Victor Julien about 2 years ago
- Assignee changed from Juliana Fajardini Reichow to OISF Dev
Updated by Shivani Bhardwaj about 2 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
Updated by Shivani Bhardwaj almost 2 years ago
- Related to Bug #5693: decode: Padded packet to minimal Ethernet length marked with invalid length event added
Updated by Shivani Bhardwaj almost 2 years ago
- Status changed from Assigned to In Review
Updated by Shivani Bhardwaj almost 2 years ago
- Label Needs backport to 6.0 added
Updated by Shivani Bhardwaj almost 2 years ago
In Review PR: https://github.com/OISF/suricata/pull/8342
Updated by Shivani Bhardwaj almost 2 years ago
- Label deleted (
Needs backport to 6.0)
Updated by Shivani Bhardwaj almost 2 years ago
- Status changed from In Review to Resolved
Closed by: https://github.com/OISF/suricata/pull/8440
Updated by Victor Julien almost 2 years ago
- Status changed from Resolved to Closed
Actions