Open Information Security Foundation

03/11/2020

09:02 PM Suricata Bug #3521: Bypass of Detection Capabilities

Guillermo Muñoz wrote in #note-4:
> Victor Julien wrote in #note-3:
> > So are this ticket and #3522 the same issue... Guillermo Muñoz

09:01 PM Suricata Bug #3521: Bypass of Detection Capabilities

Victor Julien wrote in #note-3:
> So are this ticket and #3522 the same issue?
Yes, you can close this ticket for... Guillermo Muñoz

01:39 PM Suricata Bug #3521: Bypass of Detection Capabilities

Victor Julien wrote in #note-1:
> Please try Suricata 5.0. TCP fast open support was added in 5.0. (see #1203)
I ... Guillermo Muñoz

01:38 PM Suricata Bug #3522 (Closed): TCP Fast Open - Bypass of stateless alerts

I have successfully verified that Suricata on latest release version v5.0.2 doesn't detect payloads using TFO (TCP Fa... Guillermo Muñoz

03/10/2020

06:33 PM Suricata Bug #3521 (Closed): Bypass of Detection Capabilities

Dear colleagues,
I have noticed that Suricata signatures (i.e. file provided to Suricata using the -s option) do n... Guillermo Muñoz

03/08/2020

06:55 PM Suricata Bug #3518: Bypass of Payload detection on TCP Teardown

I have verified that if we send the last ACK of the teardown and we attempt to send the custom payload, suricata is w... Guillermo Muñoz

05:47 PM Suricata Bug #3518: Bypass of Payload detection on TCP Teardown

I am attaching the .pcap as well as three more clear screenshots. Please replace the file "Screen Shot 2020-03-08 at ... Guillermo Muñoz

05:39 PM Suricata Bug #3518 (Closed): Bypass of Payload detection on TCP Teardown

While configuring Suricata on inline mode with established tcp connections, it is possible to bypass its detection by... Guillermo Muñoz