Bug #779

closed

sig id parsing

Added by Victor Julien about 11 years ago. Updated almost 11 years ago.

Status: Closed
Priority: Normal

Description

Reported on oisf-devel by rmkml:

I'm continuing my testing and I'm curious about this sig:

alert tcp any any -> any any (msg:"test sid"; flow:to_server,established; content:"LIST"; classtype:suspicious-login; sid:99999999999999999999; rev:1;)

Suricata fires:

03/03/2013-11:55:34.881652 [**] [1:4294967295:1] test sid [**] [Classification: An attempted login using a suspicious username was detected] [Priority: 2] {TCP} 192.168.1.2:58129 -> 21.7.6.7:21

Maybe add sid checking?

We should check gid, rev as well.

Actions #1

Updated by Victor Julien almost 11 years ago

  • Status changed from Assigned to Closed
  • Assignee changed from OISF Dev to Victor Julien
  • % Done changed from 0 to 100

Fixed, pushing out today.
