Bug #8454: doh2: FN with rulesets combining dns rules and http2 rules - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #8454

open

PA PA

doh2: FN with rulesets combining dns rules and http2 rules

Bug #8454: doh2: FN with rulesets combining dns rules and http2 rules

Added by Philippe Antoine about 10 hours ago. Updated about 10 hours ago.

Status:

In Review

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

9.0.0-beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Ruleset containing rules with dns keywords and http keywords

alert dns any any -> any any (dns.query; content: "www.gstatic.com"; sid:20; )
alert doh2 any any -> any any (dns.query; content: "www.gstatic.com"; sid:21; )
alert http2 any any -> any any (http.request_header; content:"authority|3a 20|dns.google"; sid:30; )
alert doh2 any any -> any any (http.request_header; content:"authority|3a 20|dns.google"; sid:31; )

does not trigger on http rules, even if it triggers when the dns rules are absent

Subtasks 1 (1 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Bug #8454

doh2: FN with rulesets combining dns rules and http2 rules

OT Updated by OISF Ticketbot about 10 hours ago Actions
Copy link
#2

OT Updated by OISF Ticketbot about 10 hours ago Actions
Copy link
#3

PA Updated by Philippe Antoine about 10 hours ago Actions
Copy link
#4

Project

General

Profile

Suricata

Custom queries

Bug #8454

doh2: FN with rulesets combining dns rules and http2 rules

OT Updated by OISF Ticketbot about 10 hours ago ActionsCopy link #2

OT Updated by OISF Ticketbot about 10 hours ago ActionsCopy link #3

PA Updated by Philippe Antoine about 10 hours ago ActionsCopy link #4

OT Updated by OISF Ticketbot about 10 hours ago Actions
Copy link
#2

OT Updated by OISF Ticketbot about 10 hours ago Actions
Copy link
#3

PA Updated by Philippe Antoine about 10 hours ago Actions
Copy link
#4