[Oisf-devel] another FP issue on suricata v101/100 please

rmkml rmkml at free.fr
Mon Aug 9 16:47:32 UTC 2010


Thx for your work Will,
sorry, it's a FP for suricata v1.0.0.
Regards
Rmkml


On Mon, 9 Aug 2010, Will Metcalf wrote:

> Sorry for the delay. Shouldn't this match on packet #19?
>
> Regards,
>
> Will
>
> On Fri, Aug 6, 2010 at 10:41 AM, rmkml <rmkml at free.fr> wrote:
>> Hi,
>> I found another FP issue with the attached pcap file and this sig:
>>  alert tcp any any -> any 22 (msg:"suricata fp"; flow:to_server,established;
>> content:"|00 00 00 0C 0A 15 00 00|"; depth:8;
>>  classtype:attempted-admin; sid:9425963; rev:1;)
>> suricata fires:
>>  08/04/10-11:28:08.793548  [**] [1:9425963:1] suricata fp [**]
>> [Classification: Attempted Administrator Privilege Gain]
>>  [Priority: 3] {6} 10.50.1.104:45981 -> 66.222.92.71:22
>> This pcap contains normal traffic, not fuzzing. If you confirm, I'll open a
>> new ticket on redmine.
>> Regards
>> Rmkml