Bug #5850
closed
./src/suricata -S repro.rules -k none -c suricata.yaml --set stream.midstream=true -r repro2.pcap
gets the assertion triggered
alert smb any any -> any any (flow:to_server; frame:smb2.data; content:!"|FE|SMB"; startswith; sid:6;)
alert dcerpc any any -> any any (flow:to_server; dcerpc.iface:367abb81-9844-35f1-ad32-98f038001003; dcerpc.opnum:15; sid:3;)
The first rule makes Redmine go 500
- Status changed from New to In Progress
- Status changed from In Progress to Closed