Actions
Bug #523
closedstream: invalid stream event when suricata sees 3whs ACK, but server doesn't
Affected Versions:
Effort:
Difficulty:
Label:
Description
Basically, we've got SYN, SYN ACK, ACK but ACK did not seem to be received and we've got a new SYN ACK. Which is ACKed once more.
Suricata triggers an alert:
08/16/2012-07:55:05.913557 [**] [1:2210022:1] SURICATA STREAM ESTABLISHED SYNACK resend [**] [Classification: (null)] [Priority: 3] {TCP} 62.93.195.148:80 -> 192.168.0.102:47146
Files
Actions