Feature #796: stream: deal with multiple different SYN/ACK's better - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #796

closed

VJ VJ

stream: deal with multiple different SYN/ACK's better

Feature #796: stream: deal with multiple different SYN/ACK's better

Added by Victor Julien almost 13 years ago. Updated almost 13 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

2.0beta1

Effort:

Difficulty:

Label:

Description

Currently we accept the first SYN/ACK and reject (+set event on) new ones that are different. Ran into some streams where the 2nd is accepted.

As there is no way to distinguish between them we'll have to wait for the client to ACK one. For this we'll use a simple list in the TCP ssn. Also a limit will be used to make sure we won't get vulnerable to a resource starvation attack.

Code will only be used in slow path.

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #796

stream: deal with multiple different SYN/ACK's better

PM Updated by Peter Manev almost 13 years ago Actions
Copy link
#1

VJ Updated by Victor Julien almost 13 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 13 years ago Actions
Copy link
#3

Project

General

Profile

Suricata

Custom queries

Feature #796

stream: deal with multiple different SYN/ACK's better

PM Updated by Peter Manev almost 13 years ago ActionsCopy link #1

VJ Updated by Victor Julien almost 13 years ago ActionsCopy link #2

VJ Updated by Victor Julien almost 13 years ago ActionsCopy link #3

PM Updated by Peter Manev almost 13 years ago Actions
Copy link
#1

VJ Updated by Victor Julien almost 13 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 13 years ago Actions
Copy link
#3