Bug #209

closed

regression v100 and git today cause two (same?) FP

Added by rmkml rmkml over 14 years ago. Updated over 14 years ago.

Status: Closed
Priority: Normal

Description

Hi,
I have two FPs with two sigs on the joined pcap file:
alert udp any any <> any 0 (msg:"BAD-TRAFFIC udp port 0 traffic"; classtype:misc-activity; sid:525; rev:9;)
alert udp any 0 -> 224.0.0.0/4 5353 (msg:"suricata fp"; classtype:bad-unknown; sid:9037079; rev:1;)
Pcap file contains only one packet with IGMP protocol.
Please check.
Regards
Rmkml


Actions #1

Updated by Victor Julien over 14 years ago

  • Due date set to 07/20/2010
  • Assignee set to OISF Dev
  • Target version set to 1.0.1
  • Estimated time set to 2.50 h
Actions #2

Updated by Will Metcalf over 14 years ago

Problem verified: these sigs should not fire, but they do...
cat fast.log
06/29/10-08:17:39.364224 [**] [1:9037079:1] suricata fp [**] [Classification: Potentially Bad Traffic] [Priority: 3] {2} 10.50.1.191:0 -> 224.0.0.2:0
06/29/10-08:17:39.364224 [**] [1:525:9] BAD-TRAFFIC udp port 0 traffic [**] [Classification: Misc activity] [Priority: 3] {2} 10.50.1.191:0 -> 224.0.0.2:0
06/29/10-08:17:39.364224 [**] [1:525:9] BAD-TRAFFIC udp port 0 traffic [**] [Classification: Misc activity] [Priority: 3] {2} 10.50.1.191:0 -> 224.0.0.2:0
coz@coz-desktop:~/downloads/oisfnew$ tcpdump -nnn -r suricatafpigmpmulticastnotudpsrcport0.pcap
reading from file suricatafpigmpmulticastnotudpsrcport0.pcap, link-type EN10MB (Ethernet)
03:17:39.364224 IP 10.50.1.191 > 224.0.0.2: igmp leave 224.0.0.251
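
One way to catch this class of false positive in your own fast.log, as an added example that is not part of this report or of Suricata itself: compare the IP protocol number each alert was logged with (the `{2}` field in the lines above, i.e. IGMP) against the protocol keyword in the header of the rule that fired. The rule lines and log lines below are the ones from this report; the sid-to-protocol mapping and the mismatch check are my own.

```python
import re

# Rule headers and fast.log lines copied from this bug report.
RULES = [
    'alert udp any any <> any 0 (msg:"BAD-TRAFFIC udp port 0 traffic"; classtype:misc-activity; sid:525; rev:9;)',
    'alert udp any 0 -> 224.0.0.0/4 5353 (msg:"suricata fp"; classtype:bad-unknown; sid:9037079; rev:1;)',
]

FAST_LOG = """\
06/29/10-08:17:39.364224 [**] [1:9037079:1] suricata fp [**] [Classification: Potentially Bad Traffic] [Priority: 3] {2} 10.50.1.191:0 -> 224.0.0.2:0
06/29/10-08:17:39.364224 [**] [1:525:9] BAD-TRAFFIC udp port 0 traffic [**] [Classification: Misc activity] [Priority: 3] {2} 10.50.1.191:0 -> 224.0.0.2:0
"""

# IANA protocol numbers for the protocol keywords checked here; a rule
# header using "ip" matches any protocol and is therefore never flagged.
PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17}

RULE_RE = re.compile(r"^alert\s+(\w+)\s+.*?\bsid:(\d+);")
# [gid:sid:rev] ... {proto} src:port -> dst:port
ALERT_RE = re.compile(r"\[\d+:(\d+):\d+\].*?\{(\d+)\}\s+(\S+)\s+->\s+(\S+)")


def rule_protocols(rules):
    """Map sid -> protocol keyword taken from each rule header."""
    out = {}
    for rule in rules:
        m = RULE_RE.match(rule)
        if m:
            out[int(m.group(2))] = m.group(1).lower()
    return out


def find_protocol_mismatches(fast_log, rules):
    """Return (sid, rule_proto, logged_proto_number, src, dst) for every
    alert whose logged IP protocol cannot satisfy the rule's protocol
    keyword. Such alerts are false positives: a udp rule must never fire
    on an IGMP (protocol 2) packet, whatever ports the logger prints."""
    sid_proto = rule_protocols(rules)
    hits = []
    for line in fast_log.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        sid, proto_num = int(m.group(1)), int(m.group(2))
        want = sid_proto.get(sid)
        if want in PROTO_NUMBERS and PROTO_NUMBERS[want] != proto_num:
            hits.append((sid, want, proto_num, m.group(3), m.group(4)))
    return hits
```

Running `find_protocol_mismatches(FAST_LOG, RULES)` on the report's data flags both alerts, since both udp rules were logged against protocol 2.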

Actions #3

Updated by Victor Julien over 14 years ago

  • Assignee changed from OISF Dev to Victor Julien
Actions #4

Updated by Victor Julien over 14 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Fixed in the current git master, commit 689d05b10bd92cbb5a7a4277c2592b95e48dd302.

Thanks for the report rmkml!
