Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
 
Victor Julien 5f4a23deb9 ipv6: RH extension header parsing issue
A logic error in the IPv6 Routing header parsing caused accidental
updating of the original packet buffer. The calculated extension
header length was set to the length field of the routing header,
causing it to be wrong.

This has 2 consequences:

1. defrag failure. As the now modified payload was used in defrag,
the decoding of the reassembled packet now contained a broken length
field for the routing header. This would lead to decoding failure.

The potential here is evasion, although it would trigger:
[1:2200014:1] SURICATA IPv6 truncated extension header

2. in IPS mode, especially the AF_PACKET mode, the modified and now
broken packet would be transmitted on the wire. It's likely that
end hosts and/or routers would reject this packet.

NFQ based IPS mode would be less affected, as it 'verdicts' based on
the packet handle. In case of replacing the packet (replace keyword
or stream normalization) it could broadcast the bad packet.

Additionally, the RH Type 0 address parsing was also broken. It too
would modify the original packet. As the result of this code was not
used anywhere else in the engine, this code is now disabled.

Reported-By: Rafael Schaefer <rschaefer@ernw.de>
11 years ago
benches Initial add of the files. 16 years ago
contrib Add option on Tile-Gx for logging for fast.log alerts over PCIe 12 years ago
doc Update docs from wiki 13 years ago
lua output-lua: add SCPacketTimeString 11 years ago
m4 Prelude plugin: add detection in configure script 16 years ago
qa prscript: update URL 11 years ago
rules stream: detect and filter out bad window updates 11 years ago
scripts suricatasc: add -c flag to run command 11 years ago
src ipv6: RH extension header parsing issue 11 years ago
.gitignore unittest: make check use a qa/log dir for logging 12 years ago
.travis.yml travis-ci: use make check 11 years ago
COPYING Initial add of the files. 16 years ago
ChangeLog Update Changelog for 2.1beta1 11 years ago
LICENSE import of gplv2 LICENSE 16 years ago
Makefile.am make install-full: get correct version of ET 12 years ago
Makefile.cvs Initial add of the files. 16 years ago
acsite.m4 Added C99 defs/macros to acsite.m4 for CentOS 16 years ago
autogen.sh OpenBSD 5.2 build fixes, Unit test fix. 13 years ago
classification.config Import of classification.config 16 years ago
config.rpath Add file needed for some autotools version. 12 years ago
configure.ac lua: improve configure checks 11 years ago
doxygen.cfg doxygen: add source browser 11 years ago
reference.config Add md5 to reference.config. 14 years ago
suricata.yaml.in streaming-loggers: add configuration 11 years ago
threshold.config threshold: improve comments of shipped threshold.config, add links to wiki. 13 years ago