[Oisf-users] VXLAN alert detection
Tiago Faria
tiago.faria.backups at gmail.com
Mon Nov 25 18:45:38 UTC 2019
Hi list,
This is related to https://redmine.openinfosecfoundation.org/issues/3348,
which still requires a suricata-verify test, but I wanted to check if anyone
is running into issues with VXLAN detection/alert.
It seems that detection on streams >=X in size is not working properly. I
still haven't been able to pinpoint exactly when detection fails, but, for
example:
2011507 - ET POLICY PDF With Embedded File
If not encapsulated with VXLAN: Detection OK
Encapsulated with VXLAN: Detection NOK
Looking at the TCP stream in Wireshark shows the same content from both
streams.
Something else I can look into to help troubleshoot?
Thank you.
T
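One way to reproduce the comparison above side by side, as an added example that is not part of this post, of Suricata or of suricata-verify: a small Python script (standard library only) that wraps every frame of a classic pcap in Ethernet/IPv4/UDP(4789)/VXLAN, so the very same TCP stream can be fed to suricata -r once bare and once encapsulated, with the same rule file loaded via -S. The outer MACs, the outer IP addresses 192.0.2.x, the VNI and the constructed sample frame are assumptions; the sample frame only exercises the wrapper and is not a real PDF transfer, so for the actual reproduction wrap a real capture that contains the full TCP session.

```python
"""Wrap every frame of a pcap in Ethernet/IPv4/UDP/VXLAN (RFC 7348).

Hypothetical helper written for this thread, not Suricata code. Outer
addresses, MACs and the VNI are assumptions chosen for illustration.
"""
import socket
import struct

VXLAN_UDP_PORT = 4789      # IANA-assigned VXLAN port
PCAP_MAGIC = 0xA1B2C3D4    # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum shared by IPv4, TCP and UDP; 0 on a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src_ip: str, dst_ip: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (DF set, TTL 64) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64,
                      proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", ones_complement_checksum(hdr)) + hdr[12:]


def vxlan_encapsulate(inner_frame: bytes, vni: int, src_ip="192.0.2.1", dst_ip="192.0.2.2",
                      src_mac=bytes.fromhex("02aabbccdd01"), dst_mac=bytes.fromhex("02aabbccdd02"),
                      src_port=49152) -> bytes:
    """Return an outer Ethernet frame carrying inner_frame inside VXLAN.

    VXLAN header: flags byte (I bit = 0x08), 3 reserved bytes, 24-bit VNI,
    1 reserved byte. UDP checksum 0 means "not computed", allowed over IPv4.
    """
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    vxlan = struct.pack("!B3sI", 0x08, b"\x00" * 3, vni << 8)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    ip = ipv4_header(src_ip, dst_ip, 17, udp_len)
    return dst_mac + src_mac + b"\x08\x00" + ip + udp + vxlan + inner_frame


def read_pcap(blob: bytes):
    """Yield (ts_sec, ts_usec, frame) from a classic pcap in either byte order."""
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    off = 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", blob[off:off + 16])
        off += 16
        yield ts_sec, ts_usec, blob[off:off + incl_len]
        off += incl_len


def write_pcap(records) -> bytes:
    """Serialise (ts_sec, ts_usec, frame) records as a little-endian Ethernet pcap."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts_sec, ts_usec, frame in records:
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def vxlan_wrap_pcap(blob: bytes, vni: int = 100) -> bytes:
    """Wrap every frame of a pcap blob; timestamps are preserved."""
    return write_pcap((s, u, vxlan_encapsulate(f, vni)) for s, u, f in read_pcap(blob))


def sample_inner_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP frame with valid checksums carrying a PDF
    fragment; test data only, not a real capture of the stream in the thread."""
    payload = b"%PDF-1.4\n1 0 obj\n<< /Type /EmbeddedFile >>\nendobj\n"
    src, dst = "10.0.0.1", "10.0.0.2"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", ones_complement_checksum(pseudo + tcp)) + tcp[18:]
    ip = ipv4_header(src, dst, 6, len(tcp))
    return bytes.fromhex("02aabbccdd10") + bytes.fromhex("02aabbccdd11") + b"\x08\x00" + ip + tcp


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:            # python vxlan_wrap.py bare.pcap wrapped.pcap
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
        with open(sys.argv[2], "wb") as f:
            f.write(vxlan_wrap_pcap(blob, vni=42))
    else:                             # self-check with the constructed frame
        bare = write_pcap([(0, 0, sample_inner_frame())])
        print(len(bare), len(vxlan_wrap_pcap(bare, vni=42)))
```

Feed both files to the same Suricata instance (`suricata -r bare.pcap -S rules.rules -l out-bare` and likewise for the wrapped file) and diff the two fast.log files; the VXLAN decoder and its port list live under `decoder.vxlan` in suricata.yaml, so if the encapsulated run produces no alert at all, confirm the decoder is enabled and that 4789 is in its port list before concluding it is a stream-size issue. Because the wrapper adds 50 bytes to every frame, a capture taken at a 1500-byte MTU stays well under the 65535 snaplen written here, but the inner frames are no longer MTU-sized, which is itself a variable worth noting when bisecting on stream size.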