Feature #603: stream: detect overlapping data in stream reassembly - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #603

closed

stream: detect overlapping data in stream reassembly

Added by Victor Julien about 12 years ago. Updated about 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

1.4beta3

Effort:

Difficulty:

Label:

Description

Resending of different data in TCP streams is a way to attempt to evade the IDS/IPS. Detect such resends.

History
Notes
Property changes

Actions

Copy link

Updated by Victor Julien about 12 years ago

Status changed from Assigned to Closed
% Done changed from 0 to 100

Solved by:

commit 6f76ac176d70d85fa2a5719dacdc8fef0ef074dc
Author: Victor Julien <victor@inliniac.net>
Date:   Thu Oct 11 21:02:56 2012 +0200

    stream: add option to match on overlapping data

    Set event on overlapping data segments that have different data.

    Add stream-events option stream-event:reassembly_overlap_different_data and
    add an example rule.

    Issue 603.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #603

stream: detect overlapping data in stream reassembly

Updated by Victor Julien about 12 years ago