Open Information Security Foundation

08/11/2016

06:39 PM Suricata Bug #1860: 2220005: SURICATA SMTP bdat chunk len exceeded when using SMTP connection caching

I am using Suricata under the latest stable version of Security Onion, with no tweaks to Security Onion's default sur... Kevin Branch

07/01/2013

03:07 PM Suricata Bug #810: Alerts on http traffic storing the wrong packet as the IDS event payload

After upgrading from 1.4.1 to 1.4.3 I am still seeing this problem recur.
In a case today, the rule that fired was 2... Kevin Branch

06/11/2013

02:13 PM Suricata Bug #810: Alerts on http traffic storing the wrong packet as the IDS event payload

Victor,
I emailed you the pcap of this classic example of bug 810 that just popped up today. Packets number 4 and... Kevin Branch

05/15/2013

10:09 AM Suricata Bug #810: Alerts on http traffic storing the wrong packet as the IDS event payload

I should be able to come up with a pcap within the next day or two. If it looks like it should go to you privately, ... Kevin Branch

05/13/2013

11:31 AM Suricata Bug #810: Alerts on http traffic storing the wrong packet as the IDS event payload

Sorry about posting an intact ETPRO rule like that. Will try to avoid that in the future. I'm pretty sure I am only... Kevin Branch

05/11/2013

02:36 PM Suricata Bug #810: Alerts on http traffic storing the wrong packet as the IDS event payload

Yes, I just confirmed that alert-debug.log shows the same wrong payload as is stored in the unified2 record.
This ru... Kevin Branch

05/10/2013

09:48 AM Suricata Bug #810 (Closed): Alerts on http traffic storing the wrong packet as the IDS event payload

At multiple sites I am running Suricata 1.4.1 on 64 bit Ubuntu 12.04 and CentOS 6 with PF_RING, and I am frequently r... Kevin Branch