General

Profile

Pablo Rincon

Issues

Projects

Activity

12/23/2010

11:37 AM Suricata Bug #263 (Closed): No line number information on certain errors loading signatures
As you can see the sid 2012100 is not loaded, and at the log there's no line information:
"from file /opt/ruledump/s...
Pablo Rincon

09/02/2010

12:27 PM Suricata Bug #210: Fail to alert on sid 2002900
Hi, I've been researching a bit more on it, and I think we need to ping Ivan for this.
The uri ends with "%20=%20|...
Pablo Rincon

08/30/2010

05:04 AM Suricata Bug #231: http related segv's
I don't think that the null pointer is hs. I think that connp was NULL.
Can you please rerun that pcap with gdb and ...
Pablo Rincon

08/27/2010

10:08 AM Suricata Bug #231: http related segv's
That patch has a strange character and it doesn't compile correctly. Use this one instead.
Btw, what about the fix a...
Pablo Rincon
09:51 AM Suricata Bug #231 (Assigned): http related segv's
Check the not NULL of connp and conn before using them. I guess that the problem is more related to libhtp, that unse... Pablo Rincon

08/25/2010

02:15 PM Suricata Bug #228: Suricata can't drop or reject in bridge mode
Hi Joaquin.
As far as I know suricata cannot read ssl session (even with the certificate). If you find a way to in...
Pablo Rincon

07/28/2010

07:53 AM Suricata Bug #221 (Feedback): signature does not alert or drop
Hi, I have attached a patch that avoid flagging the sig as "decoder event only", so now it gets grouped correctly and... Pablo Rincon

07/23/2010

10:20 AM Suricata Bug #180: no alert with ip proto GRE on suricata today git and v0.9.1
This patch should fix the issue to be compat, checking the proto at the ip hdr instead of p->proto (that is not set o... Pablo Rincon

07/21/2010

01:32 PM Suricata Bug #207: False Negative related to use of depth/offset when processing the attached pcap
We were not handling correctly the combination of depth/offset on certain cases. The attached patch fix this issue. Pablo Rincon

07/02/2010

11:22 AM Suricata Bug #191 (Resolved): False Negative when matching on negated uricontent.
The problem was that we were skipping the checks of uricontent/urilen and pcre on uris if we got no match on uriconte... Pablo Rincon

Also available in: Atom