[Oisf-users] Suricata goes wild with SURICATA STREAM alerts
Cooper F. Nelson
cnelson at ucsd.edu
Tue Jul 12 19:55:23 UTC 2016
What kernel version are you using?
There is a bug in the 4.2 and higher Linux kernel versions with the RSS
implementation. I was seeing those issues and reverting to the 4.1
release fixed it.
-Coop
On 7/12/2016 12:46 PM, Marius wrote:
> The rules, which indicate an error, are mostly stream engine related:
> SURICATA STREAM 3way handshake with ack in wrong dir [Classification: (null)]
> SURICATA STREAM ESTABLISHED packet out of window
> SURICATA STREAM ESTABLISHED invalid ack
> SURICATA STREAM Packet with invalid ack
> SURICATA STREAM FIN invalid ack
--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042