General

Profile

Brandon Murphy

  • Login: zoomequipd
  • Registered on: 09/17/2019
  • Last connection: 01/15/2023

Issues

open closed Total
Assigned issues 0 0 0
Reported issues 22 10 32

Activity

01/15/2023

12:41 AM Suricata Bug #5780: HTTP/2 - FN when matching on multiple http2.header contents
> Brandon, what do you think about https://github.com/OISF/suricata/pull/8371 ?
I'll be honest, I am not familiar en... Brandon Murphy

01/11/2023

10:09 PM Suricata Bug #5780: HTTP/2 - FN when matching on multiple http2.header contents
Philippe Antoine wrote in #note-9:
> So, trying to sump up, there are 2 issues :
> - http2.header should match http... Brandon Murphy
08:22 PM Suricata Bug #5780: HTTP/2 - FN when matching on multiple http2.header contents
Philippe Antoine wrote in #note-7:
> > Do you happen to know if this only works when overloading is enabled (in 6.0.x... Brandon Murphy
03:51 PM Suricata Bug #5780: HTTP/2 - FN when matching on multiple http2.header contents
Philippe Antoine wrote in #note-4:
> Workaround use @http.header@ instead of @http2.header@ cf @alert http2 any any ... Brandon Murphy

01/10/2023

03:49 PM Suricata Bug #5780 (In Review): HTTP/2 - FN when matching on multiple http2.header contents
It appears that when attempting to combine two different HTTP2 headers into a single rule, no alert is produced.
... Brandon Murphy

01/06/2023

03:21 PM Suricata Feature #4226: bsize: apply as depth to patterns
Recently discovered that urilen is much faster than bsize applied to http.uri as well.
I'm not 100% sure if this ... Brandon Murphy

01/04/2023

06:16 PM Suricata Feature #5776 (New): PCRE fast_patterns via hyperscan
This feature request is largely inspired by a new keyword introduced within Snort 3.0 The documentation is available... Brandon Murphy
04:10 PM Suricata Feature #5775 (New): http.headers - dynamic sticky buffers
This idea is largely influenced by Snort 3.0 introduction of of an optional "field name" to the http_header keyword. ... Brandon Murphy
03:29 PM Suricata Support #5774: Addressing Mixed Case in HTTP Headers Names and HTTP2
While this specific example highlights content negations, the same issues exists where we are explicitly looking for ... Brandon Murphy
03:21 PM Suricata Support #5774 (New): Addressing Mixed Case in HTTP Headers Names and HTTP2
Today we have a large amount of rules which use content negations of specific header names similar to the following l... Brandon Murphy

Also available in: Atom