Project

General

Profile

Actions
Copy link

Bug #8266

open

detect: erroneous alerts due to inconsistency between applayer and stream

Added by Shivani Bhardwaj 4 days ago. Updated 2 days ago.

Status:
In Progress
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
9.0.0-beta1
Affected Versions:
Effort:
Difficulty:
high
Label:

Description

In cases like https://github.com/OISF/suricata/pull/14649#issuecomment-3800282224 applayer can progress faster than stream, this can lead to inconsistent alerts and maybe more issues [TODO] (still being researched).

Related issues 1 (1 open0 closed)

Blocks Suricata - Task #7863: smb: trigger raw stream inspectionAssignedShivani BhardwajActions
Actions
Copy link
 #1

Updated by Shivani Bhardwaj 4 days ago

  • Subject changed from stream: erroneous detection results due to inconsistency between applayer and stream to detect: erroneous alerts due to inconsistency between applayer and stream
Actions
Copy link
 #2

Updated by Shivani Bhardwaj 4 days ago

  • Related to Task #7863: smb: trigger raw stream inspection added
Actions
Copy link
 #3

Updated by Shivani Bhardwaj 4 days ago

  • Related to deleted (Task #7863: smb: trigger raw stream inspection)
Actions
Copy link
 #4

Updated by Shivani Bhardwaj 4 days ago

  • Blocks Task #7863: smb: trigger raw stream inspection added
Actions
Copy link
 #5

Updated by Shivani Bhardwaj 2 days ago

  • Status changed from Assigned to In Progress
  • Difficulty set to high
Actions
Copy link

Also available in: Atom PDF