Project

General

Profile

Actions
Copy link

Bug #7521

closed
VJ VJ

detect/ip-only: false positive alerts on pseudo packets ending a one direction flow

Bug #7521: detect/ip-only: false positive alerts on pseudo packets ending a one direction flow

Added by Victor Julien about 1 year ago. Updated 8 months ago.

Status:
Closed
Priority:
High
Assignee:
Victor Julien
Target version:
8.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

If a single direction flow leads to a flow timeout packet in the opposite direction, IP-only inspection is done on that pseudo packet as if it is a real packet, leading to false positive alerts.

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #7522: detect/ip-only: false positive alerts on pseudo packets ending a one direction flow (7.0.x backport)ClosedVictor JulienActions

OT Updated by OISF Ticketbot about 1 year ago Actions
Copy link
 #1

  • Subtask #7522 added

OT Updated by OISF Ticketbot about 1 year ago Actions
Copy link
 #2

  • Label deleted (Needs backport to 7.0)

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
 #3

  • Status changed from In Progress to In Review

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
 #4

  • Status changed from In Review to Resolved

VJ Updated by Victor Julien 8 months ago Actions
Copy link
 #5

  • Subtask deleted (#7522)

VJ Updated by Victor Julien 8 months ago Actions
Copy link
 #6

  • Related to Bug #7522: detect/ip-only: false positive alerts on pseudo packets ending a one direction flow (7.0.x backport) added

VJ Updated by Victor Julien 8 months ago Actions
Copy link
 #7

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: PDF Atom