Open Information Security Foundation

07/27/2021

07:55 PM Suricata Bug #4171 (Closed): Failed assert in TCPProtoDetectCheckBailConditions size_ts > 1000000UL

https://github.com/OISF/suricata/pull/6244
Philippe Antoine

07/23/2021

03:25 PM Suricata Bug #3323: ipv6 evasions

For parasite6, ie the IPv6 version of an ARP cache poisoning, we could have an alert if we see 2 packets @icmpv6.type... Philippe Antoine

07/21/2021

07:50 AM Suricata Bug #4273: protodetect: SEGV due to NULL ptr deref

Oh, but I see @flags=41@ in the stack trace, that means @STREAM_START | STREAM_MIDSTREAM@ but no @STREAM_DEPTH@
I ... Philippe Antoine

07/20/2021

08:38 AM Suricata Bug #3323: ipv6 evasions

flood advertise6 is interesting.
It is a pure DOS : just send many spoofed messages so that Suricata allocates many ... Philippe Antoine

08:06 AM Suricata Bug #3323: ipv6 evasions

So, global status :
- covert send6 : S-V PR https://github.com/OISF/suricata-verify/pull/518
- denial6-1, 2, 3, 4, 7 ... Philippe Antoine

07:54 AM Suricata Bug #3323: ipv6 evasions

That comment about dos new ipv6 goes also for fake mldrouter advertise Philippe Antoine

07:49 AM Suricata Bug #3323: ipv6 evasions

I do not understand the Chiron attack.
dos new ipv6 is about spoofing. The way to detect this would be to have a r... Philippe Antoine

07/19/2021

03:21 PM Suricata Bug #3323: ipv6 evasions

So, here is what I gather from denial6-6
Paper says
> It detects the denial6-6 attack that Suricata missed and wa... Philippe Antoine

07/14/2021

07:55 AM Suricata Task #4067: http2: overload existing http keywords to support http/2

After https://github.com/OISF/suricata/pull/6183
There will be the following questions where we want the opinion of ... Philippe Antoine

07/12/2021

04:13 PM Suricata Bug #4273: protodetect: SEGV due to NULL ptr deref

It looks to me that to trigger this bug, we need :
- a gat at the stream start
- reach the stream depth
- and @Che... Philippe Antoine