suricata

Commit Graph

Author	SHA1	Message	Date
Philippe Antoine	c1b7befb18	smb: checks against nbss records length When Suricata handles files over SMB, it does not wait for the NBSS record to be complete, and can stream the payload to the file... But it did not check the consistency of the SMB record length being read or written against the NBSS record length. This could lead to an evasion where an attacker crafts a SMB write with a too big Length field, and then sends its evil payload, even if the server returned an error for the write request. Ticket: #5770	2 years ago
Philippe Antoine	55c4834e4e	smb: configurable max number of transactions per flow Ticket: #5753	2 years ago
Victor Julien	dc57460427	smb: fix event types for limit exceeded rules	3 years ago
Victor Julien	b0354437d5	smb/rules: add rules for new events	3 years ago
Jason Ish	1e65324940	smb: rules for messages in the wrong direction	3 years ago
Philippe Antoine	caa7946888	smb: adds file overlap event against evasions Evasion scenario is - a first dummy write of one byte at offset 0 is done - the second full write of EICAR at offset 0 is then done and does not trigger detection The last write had the final value, and as we cannot "cancel" the previous write, we set an event which is then transformed into an app-layer decoder alert	4 years ago
Victor Julien	1d4aac1d4d	smb1: set event on empty/malformed dialect	7 years ago
Victor Julien	75d7c9d64a	rust/smb: initial support Implement SMB app-layer parser for SMB1/2/3. Features: - file extraction - eve logging - existing dce keyword support - smb_share/smb_named_pipe keyword support (stickybuffers) - auth meta data extraction (ntlmssp, kerberos5)	7 years ago

8 Commits (14a4c6c696ea8c3eef0b6fb5fb53918e4efe0ad1)