Bug #1904: modbus: duplicate alerts / detection unaware of direction - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #1904

closed

modbus: duplicate alerts / detection unaware of direction

Added by Victor Julien about 8 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

David DIALLO

Target version:

4.1beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

In the current master a rule like this

alert modbus any any -> any any (msg:"Start electric motor"; modbus: access write holding, address 521, value 2; sid:6; rev:1; )

Will match both on the toserver and toclient direction regardless of which direction this command was send in. This is because the detection logic is unaware of direction.

Maybe related to #1574.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #1904

modbus: duplicate alerts / detection unaware of direction

Updated by David DIALLO over 6 years ago

Updated by David DIALLO over 6 years ago

Updated by Victor Julien over 6 years ago

Updated by David DIALLO over 6 years ago