[Oisf-devel] another FP issue on suricata v101/100 please
rmkml
rmkml at free.fr
Fri Aug 6 15:41:09 UTC 2010
Hi,
I found another FP issue with the attached pcap file and this sig:
alert tcp any any -> any 22 (msg:"suricata fp"; flow:to_server,established; content:"|00 00 00 0C 0A 15 00 00|"; depth:8; classtype:attempted-admin; sid:9425963; rev:1;)
Suricata fires:
08/04/10-11:28:08.793548 [**] [1:9425963:1] suricata fp [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 3] {6} 10.50.1.104:45981 -> 66.222.92.71:22
This pcap contains normal traffic, not fuzzing. If you confirm, I will open a new ticket on Redmine.
Regards
Rmkml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: suricatafpsshmsgnewkeys.pcap
Type: application/cap
Size: 4428 bytes
Desc:
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20100806/27f714b2/attachment.bin>