Mats Klepsland

Activity

03/15/2017

03:29 AM Suricata Feature #2062 (New): tls: reimplement tls.fingerprint
Reimplement tls.fingerprint as mpm keyword.

03/10/2017

01:14 AM Suricata Feature #2061 (New): lua: get timestamps from flow
Add lua function to get timestamps from flow as epoch.
Should work something like SCPacketTimestamp, but should ge...

02/23/2017

07:20 AM Suricata Bug #2050: TLS rule mixes up server and client certificates
Submitted pull requests [1][2] to fix the bug.
[1] https://github.com/inliniac/suricata/pull/2599
[2] https://git...
06:50 AM Suricata Bug #2050: TLS rule mixes up server and client certificates
I can confirm that I've managed to reproduce the bug with the pcap you sent.
05:05 AM Suricata Bug #2050: TLS rule mixes up server and client certificates
I think I just located the bug, but I will have to do some more testing before I can confirm this.
04:40 AM Suricata Bug #2050: TLS rule mixes up server and client certificates
Is it possible for you to recreate this, capture a pcap of the traffic and share it? You can share it privately if yo...

02/21/2017

05:02 AM Suricata Feature #2046 (New): Support custom file permissions per logger
It would be useful to be able to set more fine-grained file permissions for the loggers.
02:58 AM Suricata Revision 285b5662: doc: add documentation for TlsGetCertSerial Lua function
02:58 AM Suricata Revision ee9f822b: doc: add documentation for tls_cert_serial keyword
02:57 AM Suricata Revision d6508e64: detect: add (mpm) keyword tls_cert_serial
Match on TLS certificate serial number using tls_cert_serial
keyword, e.g.:
alert tls any any -> any any (msg:"TLS c...
