Actions
Bug #6087
closed
CD
CD
FTP bounce detection doesn't work for big-endian platforms
Bug #6087:
FTP bounce detection doesn't work for big-endian platforms
Affected Versions:
Effort:
Difficulty:
low
Label:
Description
FTP bounce detection has false positives and false negatives on platforms where host byte order is the same as network byte order. An example of this behavior can be triggered with the traffic attached pcap, which is also used in the suricata-verify test. The traffic contains the following:
- A valid active FTP control transaction setting up the data port.
- A active FTP control transaction setting up an FTP bounce attack.
On big-endian platforms both flows will be detected as an FTP bounce attack. I tested this on x86_64 and mips64 platforms.
Files
VJ Updated by Victor Julien almost 3 years ago
- Status changed from New to In Review
VJ Updated by Victor Julien almost 3 years ago
- Priority changed from Normal to Low
VJ Updated by Victor Julien almost 3 years ago
- Label deleted (
Needs Suricata-Verify test)
VJ Updated by Victor Julien almost 3 years ago
- Status changed from In Review to Resolved
- Priority changed from Low to Normal
- Label Needs backport to 6.0 added
SB Updated by Shivani Bhardwaj almost 3 years ago
- Label deleted (
C, Needs backport to 6.0)
SB Updated by Shivani Bhardwaj almost 3 years ago
- Subtask #6174 added
VJ Updated by Victor Julien almost 3 years ago
- Status changed from Resolved to Closed
Actions