[Oisf-devel] FTP bounce detection broken on some platforms
Victor Julien
lists at inliniac.net
Thu Jul 5 16:03:50 UTC 2018
On 03-07-18 06:59, Isaac Lee wrote:
> I came across an issue where FTP bounce is wrongly detected on mips64
> platforms.
>
> The issue starts to occur after the following commit that aims to make
> IP address conversion work on PPC64:
> https://github.com/OISF/suricata/commit/6783463eeeec3d46214032f0c39346a9c1a2ba37
>
> However it does not work on mips64. The two IP addresses it's comparing
> is actually the same but in reverse order, causing false positive
> detections. Reverting the commit makes the issue go away.
>
> Does anyone have any idea how the issue should be fixed?
>
> Any feedback is appreciated.
>
Can you share a small pcap to trigger the issue? I don't have a misp64
setup to test, but can at least recheck ppc32 and ppc64.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list