Open Information Security Foundation

04/05/2024

02:42 AM Suricata Bug #6782: Crasher in HTTP chunked / StreamingBuffer

Ran with ASAN and debug compile and got the following output, not sure much more helpful it is than previous backtrac... Gianni Tedesco

03/22/2024

08:45 AM Suricata Bug #6782: Crasher in HTTP chunked / StreamingBuffer

A bit of extra context here. The systems this is happening on, it's happening pretty regularly (eg. every 10 minutes)... Gianni Tedesco

03/21/2024

02:44 AM Suricata Bug #6634: Invalid ja3 due to double client hello

And another discrepancy, which I am not sure about and investigating a bit more is that, sometimes the EVE JSON repor... Gianni Tedesco

02:32 AM Suricata Bug #6634: Invalid ja3 due to double client hello

I am also seeing a case where only two fields are being output, this also seems invalid: "771,4865-4866-4867-49195-49... Gianni Tedesco

03/18/2024

05:12 AM Suricata Feature #6379: JA4 support for TLS and QUIC

It would be good if all the fields required for JA4 can be exported in the EVE TLS event meta-data, that way JA4's (o... Gianni Tedesco

03/17/2024

11:36 AM Suricata Bug #6634: Invalid ja3 due to double client hello

Can confirm we are seeing exactly this problem on approx 0.005% of TLS sessions Gianni Tedesco

02/15/2024

01:30 PM Suricata Bug #6782: Crasher in HTTP chunked / StreamingBuffer

Ran with: ... Gianni Tedesco

09:52 AM Suricata Bug #6782 (New): Crasher in HTTP chunked / StreamingBuffer

Seeing similar crashes on multiple sites, looks like a heap corruption somewhere:... Gianni Tedesco

08/08/2022

08:38 AM Suricata Bug #5183: TLS Handshake Fragments not Reassembled

Yes, there must be a bug in the tool, will look into that. Gianni Tedesco

05/25/2021

12:36 AM Suricata Task #570: tracking: memory fragmentation

Or at least, appears to be around reassembly and state for protocols at least. Will investigate further. Gianni Tedesco