Bug #5161

closed

smb: file not tracked on smb2 async

Added by Angelo Mirabella over 2 years ago. Updated almost 2 years ago.

Status: Closed
Priority: Normal

Description

Suricata fails to alert on an SMB signature related to a file extraction.

Investigating the issue a bit, the "file_data" keyword does not match (PrefilterTxFiledata) because a file is never seen by Suricata.

Attaching pcap and signature.


Files

test.pcap (3.27 MB), Angelo Mirabella, 02/24/2022 02:44 PM
test.rule (139 Bytes), Angelo Mirabella, 02/24/2022 02:44 PM

Subtasks 1 (0 open, 1 closed)

Bug #5715: smb: file not tracked on smb2 async (6.0.x backport), Closed, Victor Julien

Related issues 1 (0 open, 1 closed)

Related to Suricata - Bug #5508: SMB2 async responses are not matched with its request, Closed, Philippe Antoine