Bug #1136
closed
negated app-layer-protocol FP on multi-TX flows
Description
When a negated app-layer-protocol is inspected against a multi-TX protocol, it FPs on new TXs.
A rule like:
alert udp .... (app-layer-protocol:!dns; ...)
will alert on DNS traffic, even though we properly detected the protocol.