Bug #7279

open

dns: protocol detection is not strict enough

Added by Philippe Antoine about 2 months ago. Updated about 2 months ago.

Status: In Review
Priority: Normal

Description

From https://github.com/OISF/suricata/pull/11794 and TLPR pcaps from QA showing the deviation


Related issues 1 (1 open, 0 closed)

Related to Suricata - Bug #7228: dns: no data logged, and no events with udp corrupt additional record (In Review, Jason Ish)
Actions #1

Updated by Philippe Antoine about 2 months ago

  • Related to Bug #7228: dns: no data logged, and no events with udp corrupt additional record added
Actions #2

Updated by Philippe Antoine about 2 months ago

  • Subject changed from dns: custom protocol data exfiltration traffic on port 53 detected as DNS with later app-layer parser error to dns: protocol detection is not strict enough

It accepts as DNS custom protocol data exfiltration traffic on port 53 with later app-layer parser error on TLP pcap

Actions #3

Updated by Philippe Antoine about 2 months ago

  • Status changed from New to In Review