[Oisf-users] A lot of stream alerts after updating to 1.4.5

carlopmart carlopmart at gmail.com
Fri Aug 16 09:57:57 UTC 2013 

Hi all,

  From the last two days (after updating to suricata 1.4.5) I am 
receiving a lot of alerts like this:

08/14/2013-14:08:32.453946  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.453946  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.453948  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.453948  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.453949  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.453949  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.453950  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.453950  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.454004  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.454004  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.454006  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.454006  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.454007  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.454007  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.454008  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454008  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454010  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454010  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454012  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.454012  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.454013  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.454013  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.57:139 -> 10.196.0.6:23842
08/14/2013-14:08:32.454014  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454014  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454015  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454015  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454016  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454016  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454074  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454074  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454077  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454077  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454078  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454078  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454079  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454079  [**] [1:2210029:1] SURICATA STREAM 
ESTABLISHED invalid ack [**] [Classification: (null)] [Priority: 3] 
{TCP} 10.196.0.6:23842 -> 10.196.0.57:139
08/14/2013-14:08:32.454080  [**] [1:2210045:1] SURICATA STREAM Packet 
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP} 
10.196.0.6:23842 -> 10.196.0.57:139

  Could be a problem with my defrag settings??

defrag:
   memcap: 32mb
   hash-size: 65536
   trackers: 65535 # number of defragmented flows to follow
   max-frags: 65535 # number of fragments to keep (higher than trackers)
   prealloc: yes
   timeout: 60

More information about the Oisf-users mailing list