Bug #5161
closed
smb: file not tracked on smb2 async
Added by Angelo Mirabella over 2 years ago.
Updated almost 2 years ago.
Description
Suricata fails to alert on a smb signature related to a file extraction.
Investigating a bit the issue the "file_data" keyword does not match (PrefilterTxFiledata) because a file is never seen by Suricata.
Attaching pcap and signature.
Files
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Philippe Antoine
- Target version changed from TBD to 7.0.0-rc1
- Status changed from Assigned to In Review
- Status changed from In Review to Closed
- Status changed from Closed to Resolved
- Subject changed from Suricata fails to see SMB file to smb: file not tracked on smb2 async
- Status changed from Resolved to Closed
- Related to Bug #5508: SMB2 async responses are not matched with its request added
Also available in: Atom
PDF