Open Information Security Foundation

09/11/2025

11:57 AM Suricata Bug #7892 (New): icmp detection corner case with dns app_proto

Recently reviewing a few different cases and stumbled on interesting ICMP pcap trace where the proto is ICMP but ap... Peter Manev

09/04/2025

07:19 AM Suricata Feature #7882 (New): icmp malware channel activity events in one sided flows

We have one way malware communication channel in the attached "single channel" pcap.
The responses are coming via a... Peter Manev

08/29/2025

12:33 PM Suricata Bug #7873: stream_size: no error with udp rule

yes, 7 i affected too. Peter Manev

09:50 AM Suricata Bug #7873: stream_size: no error with udp rule

The bellow is a test that does not error with the rule above. ... Peter Manev

09:41 AM Suricata Bug #7873 (New): stream_size: no error with udp rule

The combination of udp plus stream_size should error out.
For example this rule should not load and should throw an ... Peter Manev

08/28/2025

06:13 PM Suricata Bug #3221 (Closed): EBPFDeleteKey -- ERRCODE: SC_ERR_SYSCALL(50)

Peter Manev

06:13 PM Suricata Bug #3221: EBPFDeleteKey -- ERRCODE: SC_ERR_SYSCALL(50)

This is too old to be true by now as also too many things have changed. Closing.
If I encounter it again i will repo... Peter Manev

07/09/2025

07:20 PM Suricata Documentation #6096: eve/app-layer: generate example eve-log for each protocol

What we agreed with Jason as a first step is to add example logs, then provide corresponding public pcaps and as a th... Peter Manev

06/18/2025

07:13 AM Suricata Documentation #6450: userguide: add section about sshhash

Think its all good from my view Peter Manev

03/30/2025

11:30 AM Suricata Feature #845 (Closed): stats: track memory consumption

Peter Manev