[Oisf-users] Suricata parsers

Peter Bates peter.bates at ucl.ac.uk
Mon Nov 7 16:23:17 UTC 2011


Hello all...

On 07/11/2011 16:11, Shirkdog wrote:
> Can you post the errors to the list as well?

I'm getting pretty consistent (IP addresses obfuscated):

[27959] 7/11/2011 -- 16:16:34 - (app-layer-parser.c:969) <Error>
(AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in
parsing "tls" app layer protocol, using network protocol 6, source IP
address a.b.214.226, destination IP address a.b.111.30, src port 57561
and dst port 443
[27959] 7/11/2011 -- 16:16:34 - (app-layer-htp.c:487) <Error>
(HTPHandleResponseData) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error in
parsing HTTP server response: [1] [htp_response.c] [677] Unable to
match response to request
[27959] 7/11/2011 -- 16:16:34 - (app-layer-parser.c:969) <Error>
(AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in
parsing "http" app layer protocol, using network protocol 6, source IP
address a.b.214.226, destination IP address a.b.111.30, src port 57562
and dst port 80
[27959] 7/11/2011 -- 16:18:40 - (app-layer-parser.c:969) <Error>
(AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in
parsing "smtp" app layer protocol, using network protocol 6, source IP
address c.d.241.35, destination IP address a.b.111.57, src port 50156
and dst port 25

Having a closer look (which I should have done before posting to the
list!) - all the destination IPs throwing errors are in the same /24
which we have for SLB devices - so I think this is the cause of the
errors.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
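
One way to check, directly from the log, whether failing destinations share a /24 as observed in the message above. This is an added example, not part of the original message or of Suricata; the sample records are constructed with documentation-range addresses (the posted ones are obfuscated and would not parse), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the wrapped layout of the posted errors; addresses are
# documentation-range stand-ins, and the last record is invented for contrast.
SAMPLE_LOG = """\
[27959] 7/11/2011 -- 16:16:34 - (app-layer-parser.c:969) <Error>
(AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in parsing "tls" app
layer protocol, using network protocol 6, source IP address 198.51.100.226, destination
IP address 192.0.2.30, src port 57561 and dst port 443
[27959] 7/11/2011 -- 16:16:34 - (app-layer-htp.c:487) <Error>
(HTPHandleResponseData) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error in parsing HTTP server
response: [1] [htp_response.c] [677] Unable to match response to request
[27959] 7/11/2011 -- 16:18:40 - (app-layer-parser.c:969) <Error>
(AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in parsing "smtp" app
layer protocol, using network protocol 6, source IP address 203.0.113.35, destination
IP address 192.0.2.57, src port 50156 and dst port 25
[27959] 7/11/2011 -- 16:19:02 - (app-layer-parser.c:969) <Error>
(AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in parsing "http" app
layer protocol, using network protocol 6, source IP address 203.0.113.8, destination
IP address 198.51.100.10, src port 40112 and dst port 80
"""

ALPARSER = re.compile(
    r'parsing "(?P<proto>[^"]+)" app layer protocol.*?'
    r"destination IP address (?P<dst>[\d.]+), src port \d+ and dst port \d+"
)

def records(text):
    """Rejoin wrapped lines; a new record starts at '[pid] d/m/yyyy -- '."""
    joined = re.sub(r"\n(?!\[\d+\] \d+/\d+/\d+ -- )", " ", text.strip())
    return joined.splitlines()

def errors_by_dst_net(text, prefix=24):
    """Map each destination network to a Counter of the protocols that failed there."""
    nets = defaultdict(Counter)
    for rec in records(text):
        m = ALPARSER.search(rec)
        if m:  # records without addresses (the htp_response.c one) are skipped
            net = ipaddress.ip_network(f"{m['dst']}/{prefix}", strict=False)
            nets[str(net)][m["proto"]] += 1
    return nets

if __name__ == "__main__":
    for net, protos in errors_by_dst_net(SAMPLE_LOG).items():
        print(f"{net:18} {sum(protos.values())} errors {dict(protos)}")
```

Errors from several protocols concentrated in one destination network point at something in front of those hosts, such as a load balancer, rather than at a single protocol parser.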