Project

General

Profile

Actions
Copy link

Bug #141

closed

new strange issue (no alert with two signature!)

Added by rmkml rmkml over 14 years ago. Updated over 14 years ago.

Status:
Closed
Priority:
High
Assignee:
Victor Julien
Target version:
0.9.0
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,
ok Im continue my small suricata testing,
with this two signature below, no firing:
alert udp any any -> any 53 (msg:"dns testing"; content:"|00 00|"; depth:5; offset:13; classtype:bad-unknown; sid:9436601; rev:1;)
alert tcp any 40 -> any any (msg:"abc"; flow:to_client,established; content:"ZDZADZA0"; classtype:attempted-dos; sid:1021292; rev:1;) {First signature is previously discussed on ticket #139}
Please this two signature with (same previous pcap on ticket #139) joigned hear.
If you comment second signature (alert tcp...), first signature alert firing, why??
Tested on suricata v0.8.2 release and git date 3 May 2010 (two version are same pb).
Regards
Rmkml

Files

Download all files
suricataudpdnsmodified2.pcap (118 Bytes) suricataudpdnsmodified2.pcap rmkml rmkml, 05/04/2010 03:56 PM
suricata54-normal-vgdrd-log.txt (25 KB) suricata54-normal-vgdrd-log.txt drd log from running the rules and pcap Will Metcalf, 05/04/2010 05:22 PM
Actions
Copy link
 #1

Updated by Will Metcalf over 14 years ago

  • Due date set to 05/05/2010
  • Assignee set to OISF Dev
  • Priority changed from Normal to High
  • Target version set to 0.9.0
  • Estimated time set to 2.50 h

Looks like we may have a race condition.... Validating now... updating time, urgency, etc..

Actions
Copy link
 #2

Updated by Will Metcalf over 14 years ago

drd seems to think we have a problem...

Actions
Copy link
 #3

Updated by Victor Julien over 14 years ago

  • Assignee changed from OISF Dev to Victor Julien
Actions
Copy link
 #4

Updated by Victor Julien over 14 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Fixed and pushed out.

Actions
Copy link

Also available in: Atom PDF