[Oisf-users] Suricata Source and Destination IPs reversed on some alerts

Jeff H jeff61225 at gmail.com
Fri Aug 19 20:21:02 UTC 2016


I recently started running Suricata on the latest version of SELKS.

I noticed that I am getting alerts that should only trigger on inbound
traffic on outbound traffic.

The traffic in this example was caused by me entering the IP in a web
browser to generate this traffic.

In this example the IPs in the alert entry are reversed from what I would
think they should be. They are correct in the flow entry.

http://pastebin.com/3uuFvFwP

This next alert example is from the same host and it has what I would
expect the source and destination to be.

http://pastebin.com/sQAmCMg8

Any thoughts on what could be going on here?
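A triage check for this kind of discrepancy, added here as an example and not part of the original post: it pairs EVE JSON alert records with the flow record that shares the same flow_id and reports alerts whose src/dest are the reverse of the flow's. The sample records are constructed; the only Suricata behaviour it relies on is that an alert's src/dest reflect the packet that matched the rule (a rule matching a server response is logged with the server as src), while the flow record keeps the flow initiator as src.

```python
import json

# Constructed sample EVE JSON lines (not from the original post): one flow record
# and two alerts on the same flow_id, one of them logged in the reverse direction.
SAMPLE_EVE = """\
{"event_type":"flow","flow_id":1,"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP"}
{"event_type":"alert","flow_id":1,"src_ip":"198.51.100.7","src_port":80,"dest_ip":"10.0.0.5","dest_port":51234,"alert":{"signature_id":1000001,"signature":"CONSTRUCTED response-side rule"}}
{"event_type":"alert","flow_id":1,"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"198.51.100.7","dest_port":80,"alert":{"signature_id":1000002,"signature":"CONSTRUCTED request-side rule"}}
"""


def endpoints(rec):
    """Return the (src_ip, src_port, dest_ip, dest_port) tuple of an EVE record."""
    return (rec["src_ip"], rec.get("src_port"), rec["dest_ip"], rec.get("dest_port"))


def find_reversed_alerts(eve_text):
    """Return [(signature_id, flow_id), ...] for alerts whose src/dest are the
    exact reverse of the flow record with the same flow_id.

    The flow record's src is the flow initiator; an alert's src is the sender of
    the packet that matched, so a rule matching the server's reply is logged with
    the server as src. Such alerts are not wrong, but they read as "outbound"
    if the alert's src/dest are taken as the flow direction.
    """
    flows = {}
    alerts = []
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") == "flow":
            flows[rec["flow_id"]] = endpoints(rec)
        elif rec.get("event_type") == "alert":
            alerts.append(rec)

    reversed_alerts = []
    for alert in alerts:
        flow = flows.get(alert["flow_id"])
        if flow is None:
            continue  # no flow record seen for this alert; cannot compare
        src_ip, src_port, dst_ip, dst_port = endpoints(alert)
        if (dst_ip, dst_port, src_ip, src_port) == flow:
            reversed_alerts.append((alert["alert"]["signature_id"], alert["flow_id"]))
    return reversed_alerts


if __name__ == "__main__":
    for sid, fid in find_reversed_alerts(SAMPLE_EVE):
        print(f"alert sid={sid} on flow_id={fid} is logged in the reverse direction of its flow")
```

Run it over a real eve.json by replacing SAMPLE_EVE with the file contents; flow records are written at flow end, so compare only after the capture has been fully processed.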