Bug #4198: dcerpc: no alert triggered with dce opnum in 6.0 - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4198

closed

dcerpc: no alert triggered with dce opnum in 6.0

Added by Shivani Bhardwaj almost 4 years ago. Updated over 3 years ago.

Status:

Closed

Priority:

High

Assignee:

Shivani Bhardwaj

Target version:

7.0.0-beta1

Affected Versions:

6.0.0

Effort:

Difficulty:

Label:

Needs backport to 6.0

Description

For the attached suricata-verify test, alert is not triggered for rules in the file named ".broken.rules". The only diff this file has from the other rule file is an opnum to match against.

via Jeff Lucovsky via Corelight researcher

Files

zerologon-suri.tar.gz (36.7 KB) zerologon-suri.tar.gz

Shivani Bhardwaj, 12/03/2020 11:48 PM

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #4198

dcerpc: no alert triggered with dce opnum in 6.0

Updated by Shivani Bhardwaj almost 4 years ago

Updated by Victor Julien almost 4 years ago

Updated by Jeff Lucovsky over 3 years ago

Updated by Shivani Bhardwaj over 3 years ago