Project

General

Profile

Actions
Copy link

Bug #7521

open

detect/ip-only: false positive alerts on pseudo packets ending a one direction flow

Added by Victor Julien 29 days ago. Updated 4 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Victor Julien
Target version:
8.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

If a single direction flow leads to a flow timeout packet in the opposite direction, IP-only inspection is done on that pseudo packet as if it is a real packet, leading to false positive alerts.

Subtasks 1 (1 open0 closed)

Bug #7522: detect/ip-only: false positive alerts on pseudo packets ending a one direction flow (7.0.x backport)AssignedVictor JulienActions
Actions
Copy link
 #1

Updated by OISF Ticketbot 29 days ago

  • Subtask #7522 added
Actions
Copy link
 #2

Updated by OISF Ticketbot 29 days ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #3

Updated by Victor Julien 29 days ago

  • Status changed from In Progress to In Review
Actions
Copy link
 #4

Updated by Victor Julien 4 days ago

  • Status changed from In Review to Resolved
Actions
Copy link

Also available in: Atom PDF