[Oisf-users] Sha hashes not consistent in 3.2beta1, md5 OK

Jeremy MJ jskier at gmail.com
Fri Oct 7 21:30:14 UTC 2016


Good point. The logging side is reporting incorrect sha hashes
occasionally (sometimes it's correct).

Just did a test with sha1/256 rule and correct hash, no alert (md5
still correct, sha values are wrong). I'll try the incorrect hashes in
the rules and see what that does early next week.

--
Jeremy MJ


On Fri, Oct 7, 2016 at 2:27 PM, Duarte Silva
<duarte.silva at serializing.me> wrote:
> Hey Jeremy,
>
> are you seeing the problems on the logging or on the rules matching?
>
> Cheers,
> Duarte
>
> On Friday 07 October 2016 12:30:26 Jeremy MJ wrote:
>> Greetings,
>>
>> I am testing sha1/256 hashing in Suricata 3.2beta1. I noticed that the
>> MD5 always matches the file stream; however, on occasion the hashes for
>> sha1/256 do not match the actual file stream (but the md5 does).
>>
>> Typically this is on larger files. Is there a configuration setting I
>> should look at? Is anyone else observing this?
>>
>> Regards,
>>
>> --
>> Jeremy MJ
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 9-11 in Washington, DC: http://suricon.net
>


