General

Profile

Rob Mosher

  • Registered on: 02/09/2019
  • Last connection: 04/07/2019

Issues

Activity

04/09/2019

05:35 PM Suricata Bug #2806: Parallel DNS queries dropped when using same socket
Victor Julien wrote:
> I've asked Florian Westphal from the Netfilter project, and it seems this issue has been fixe...
Rob Mosher

04/08/2019

04:25 PM Suricata Bug #2806: Parallel DNS queries dropped when using same socket
Victor Julien wrote:
> He suggests: "Please try with kernel 5.0 or stable >= v4.19.29, those should both work."
>
...
Rob Mosher
04:23 PM Suricata Bug #2806: Parallel DNS queries dropped when using same socket
Eric Leblond wrote:
> What is the iptables/nftables ruleset used to reproduce that ?
https://redmine.openinfosecf...
Rob Mosher

04/07/2019

11:29 PM Suricata Bug #2806: Parallel DNS queries dropped when using same socket
This reproduces in C using crafting packets manually... Rob Mosher
10:58 PM Suricata Bug #2806: Parallel DNS queries dropped when using same socket
I think scapy is too slow sending these packets to trigger the issue.
Looking at the interval between them, we can...
Rob Mosher
10:51 PM Suricata Bug #2806: Parallel DNS queries dropped when using same socket
For the above, this was the resolv.conf file:
nameserver 8.8.8.8
Rob Mosher
10:48 PM Suricata Bug #2806: Parallel DNS queries dropped when using same socket
Can't quite figure out why scapy can't reproduce this, but this does reproduce it... Rob Mosher
10:31 PM Suricata Bug #2806: Parallel DNS queries dropped when using same socket
Victor Julien wrote:
> Can you reproduce it with this scapy snippet?
> [...]
For whatever reason, that does not ...
Rob Mosher

04/05/2019

07:59 PM Suricata Bug #2806: Parallel DNS queries dropped when using same socket
Victor Julien wrote:
> I'm unable to reproduce this. I've tried it on a local box (INPUT/OUTPUT NFQUEUE rules) and o...
Rob Mosher

02/21/2019

05:07 AM Suricata Bug #2806: Parallel DNS queries dropped when using same socket
Victor Julien wrote:
> I think Eric was referring to the iptables rules.
>
> Can you still reproduce this if Suri...
Rob Mosher

Also available in: Atom