Open Information Security Foundation

10/10/2018

09:33 AM Suricata Bug #2639 (Closed): Alert for tcp rules with established without 3whs

I am seeing alerts being created when having a rule for tcp with the flow keyword 'established' while processing pack... Paulo Pacheco

01/25/2017

02:31 PM Suricata Bug #1946: can't get response info in some situation

Just run suricata -r qq.com.54515-8080.pcap ( pcap filtered from submitted pcap with flows that matters ) -c surica... Paulo Pacheco

12/04/2016

01:40 PM Suricata Bug #1946: can't get response info in some situation

Investigating more this issue,
I found out this happens at the shutdown sequence because of a premature call for F... Paulo Pacheco

07:45 AM Suricata Bug #1946: can't get response info in some situation

I've isolated the issue to a single TCP flow from the posted pcap.
It only fails in this flow:
172.019.100.133... Paulo Pacheco

11/14/2016

02:42 PM Suricata Bug #1946: can't get response info in some situation

Tried this with --runmode single with good results.
The bug only happens when running with multiple threads. Paulo Pacheco

10/26/2016

12:50 PM Suricata Bug #1935 (Closed): Check redis reply in non pipeline mode

Check if a redis reply is available in eve redis output while running on non pipeline mode.
The redis reply pointe... Paulo Pacheco