Bug #1161 (closed)
eve: src and dst mixed up in some cases
Description
It seems that in some cases the src and dst IPs and ports are in the reverse order.
Updated by Christophe Vandeplas over 10 years ago
Here's my analysis and remarks with the different event_types and the patch from https://github.com/inliniac/suricata/pull/915
http - src/dst switched => Patch OK
http - length = is this the size from client to server or from server to client? What about the other one? In HTTP POST (for example) it's important to know client-to-server.
fileinfo - toserver - probably not needed => probably out of scope, or otherwise content type must be decoded to be of any use
fileinfo - toclient - src/dst switched => Patch OK
dns - type:query - src/dst switched => Patch OK
dns - type:answer - src/dst correct => Patch ERROR
Updated by Victor Julien over 10 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100