Bug #4312

closed

dcerpc: no alert triggered with dce opnum in 6.0

Added by Jeff Lucovsky almost 4 years ago. Updated almost 4 years ago.

Status: Closed
Priority: High
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

For the attached suricata-verify test, alert is not triggered for rules in the file named ".broken.rules". The only diff this file has from the other rule file is an opnum to match against.

via Jeff Lucovsky via Corelight researcher


Files

zerologon-suri.tar.gz (36.7 KB), Shivani Bhardwaj, 12/03/2020 11:48 PM

Related issues 1 (0 open, 1 closed)

Copied from Suricata - Bug #4198: dcerpc: no alert triggered with dce opnum in 6.0 (Closed, Shivani Bhardwaj)
#1

Updated by Jeff Lucovsky almost 4 years ago

  • Copied from Bug #4198: dcerpc: no alert triggered with dce opnum in 6.0 added
#2

Updated by Victor Julien almost 4 years ago

  • Status changed from Assigned to In Progress
#3

Updated by Shivani Bhardwaj almost 4 years ago

  • Status changed from In Progress to Closed