General

Profile

A. Iooss

  • Login: erdnaxe
  • Registered on: 06/09/2024
  • Last sign in: 11/29/2025

Issues

| | Open | Closed | Total |
|---|---|---|---|
| Assigned issues | 0 | 2 | 2 |
| Reported issues | 4 | 5 | 9 |

Projects

| Project | Roles | Registered on |
|---|---|---|
| Suricata | Developer | 11/19/2025 |
| Suricata-Update | Developer | 11/19/2025 |

Activity

11/23/2025

07:26 PM Suricata Documentation #8137: windivert: Add WinDivert to Windows build instructions
https://github.com/OISF/suricata/pull/14362 A. Iooss
07:17 PM Suricata Documentation #8137 (Closed): windivert: Add WinDivert to Windows build instructions
The IPS documentation for Windows has a dead link to a PDF.
The Windows build instructions should be updated with WinDivert build instructions, and then this link could be updated.
A. Iooss
07:26 PM Suricata Feature #8138: windivert: Build using WinDivert 2
https://github.com/OISF/suricata/pull/14362 A. Iooss
07:20 PM Suricata Feature #8138 (Closed): windivert: Build using WinDivert 2
Currently Suricata on Windows only supports WinDivert before 2.0.0. A. Iooss

11/21/2025

09:32 AM Suricata Feature #8133 (New): Relative pcre with negative distance to previous content match
Currently Suricata implements the `R` PCRE modifier to allow the equivalent of `distance:0`. This is enough in most use cases, except when using PCRE extraction.
See for example this rule:
A. Iooss
09:26 AM Suricata Feature #8132 (New): Add decompression support to pcap-file capture method
Suricata can produce pcap.xz files, but can only read uncompressed pcap files.
When dealing with large datasets of pcap, it can be useful to be able to load them directly in Suricata without having to decompress them beforehand.
A. Iooss

09/19/2025

08:56 PM Suricata Bug #7925 (New): http: dissection anomaly on repeated 'Vary' headers
During last weekend's attack-defense CTF, I captured the following exchange between a Python Requests client and a Java Spring Boot server: A. Iooss

08/10/2025

11:26 AM Suricata Feature #7844 (New): websocket: add option to log payloads in Eve websocket events
Currently `SCWebSocketLoggerLog` hardcodes `pp` and `pb64` as `false`.
A user can only dump websocket payloads with an alert (setting `websocket-payload: yes`).
An option could be added in `suricata.yaml`, such as `outputs.1.eve-lo...
A. Iooss
09:00 AM Suricata Bug #7843 (Closed): http: dissection anomaly on `Content-Encoding: identity`
During an attack-defense CTF, I captured the following exchange between a Python HTTPX client and an ASP.NET server (behind an NGINX reverse-proxy). A. Iooss

07/20/2025

07:21 PM Suricata Bug #7824: hyperscan: caching results in segfault with link time optimization (-flto=auto, etc)
The rule engine is buggy when using hyperscan. This can be reproduced on a fresh Ubuntu 24.04 install, with the same Suricata package, and same firewall configuration.
The Suricata rules are:
A. Iooss
