Actions
Bug #5492
openApplayer Detect protocol only one direction - Kerberos
Affected Versions:
Effort:
Difficulty:
Label:
Description
Some kerberos traffic between a Synology NAS and a Windows Active directory controller generates the following alert:
[**] [1:324000010:1] SURICATA Applayer Detect protocol only one direction (non-SMTP) [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP}
I can reproduce it with the attached pcap file.
Files
Updated by Philippe Antoine about 1 year ago
Confirmed : rs_krb5_probing_parser
only works for ASN1/BER whose length is less than 128 bytes
cf check of rem[2],rem[3],rem[4]
Actions