From 1e653249400ec6217af6d3f153f774ec133d5357 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Mon, 28 Feb 2022 15:12:37 -0600
Subject: [PATCH] smb: rules for messages in the wrong direction
---
 rules/smb-events.rules | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/rules/smb-events.rules b/rules/smb-events.rules
index 97fc675cb1..713231dd42 100644
--- a/rules/smb-events.rules
+++ b/rules/smb-events.rules
@@ -16,3 +16,5 @@ alert smb any any -> any any (msg:"SURICATA SMB malformed NTLMSSP record"; flow:
 alert smb any any -> any any (msg:"SURICATA SMB malformed request dialects"; flow:to_server; app-layer-event:smb.negotiate_malformed_dialects; classtype:protocol-command-decode; sid:2225005; rev:1;)
 alert smb any any -> any any (msg:"SURICATA SMB file overlap"; app-layer-event:smb.file_overlap; classtype:protocol-command-decode; sid:2225006; rev:1;)
+alert smb any any -> any any (msg:"SURICATA SMB wrong direction"; app-layer-event:smb.response_to_server; classtype:protocol-command-decode; sid:2225007; rev:1;)
+alert smb any any -> any any (msg:"SURICATA SMB wrong direction"; app-layer-event:smb.request_to_client; classtype:protocol-command-decode; sid:2225008; rev:1;)
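Review bot: The two added rules (sid 2225007 and 2225008) carry the identical msg `"SURICATA SMB wrong direction"`, so an alert can only be attributed to `smb.response_to_server` or `smb.request_to_client` by looking up the sid. Giving each its own text, for example `msg:"SURICATA SMB response to server";` and `msg:"SURICATA SMB request to client";`, would let triage queries and dashboards that group by message separate the two cases. Neither rule has a `flow:` keyword, unlike sid 2225005 in the context above. If each event is only ever raised on one side of the flow, `flow:to_server;` on 2225007 and `flow:to_client;` on 2225008 would make that explicit, but this should be confirmed against the parser, which is not part of this patch.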