[Oisf-devel] another FP issue on suricata v101/100 please
Victor Julien
victor at inliniac.net
Wed Dec 15 11:29:03 UTC 2010
rmkml wrote:
> Hi,
> I found another FP issue with the attached pcap file and this sig:
> alert tcp any any -> any 22 (msg:"suricata fp";
> flow:to_server,established; content:"|00 00 00 0C 0A 15 00 00|"; depth:8;
> classtype:attempted-admin; sid:9425963; rev:1;)
> suricata fires:
> 08/04/10-11:28:08.793548 [**] [1:9425963:1] suricata fp [**]
> [Classification: Attempted Administrator Privilege Gain]
> [Priority: 3] {6} 10.50.1.104:45981 -> 66.222.92.71:22
> This pcap contains normal traffic, not fuzzing. If you confirm, I'll open
> a new ticket on redmine.
I've tested this with today's git master and I am not able to reproduce
the issue. So it appears to be fixed.
Thanks rmkml!
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------