git.ipfire.org Git - thirdparty/suricata.git/commit
tcp: rejects FIN+SYN packets as invalid
author Philippe Antoine <contact@catenacyber.fr>
Thu, 16 Sep 2021 14:54:37 +0000 (16:54 +0200)
committer Victor Julien <vjulien@oisf.net>
Mon, 15 Nov 2021 13:33:16 +0000 (14:33 +0100)
commit 4713ce44c23f3bb965d30684aa2e57be11d50f46
tree 9136a87460ce5d9f60ebe6539e32fd471d7d40cf
parent f0dda61732fd75433e9372265993d477687e269d
tcp: rejects FIN+SYN packets as invalid

Ticket: #4569

If a FIN+SYN packet is sent, the destination may keep the
connection alive instead of starting to close it.
In this case, a later SYN packet will be ignored by the
destination.

Previously, Suricata considered this a session reuse, and thus
used the sequence number of the last SYN packet, instead of
using the one of the live connection, leading to evasion.

This commit errors on FIN+SYN so that they do not get
processed as regular FIN packets.

(cherry picked from commit 6cb6225b28c5d8e616a420b7d05b129ba2845dc0)
rules/stream-events.rules
src/decode-events.c
src/decode-events.h
src/stream-tcp.c
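
A simplified model of the behaviour the commit message describes, as an added example that is not part of this commit or of Suricata's code. The tracker, its states, `track`, `replay` and the `reject_fin_syn` switch are hypothetical names, and the TCP headers are constructed; it replays SYN, FIN+SYN, SYN and shows which sequence number the tracker keeps with and without the check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_ACK 0x10

enum state   { ST_NONE, ST_ESTABLISHED, ST_CLOSING };   /* toy state set */
enum verdict { V_OK, V_BAD_HDR, V_FIN_SYN, V_REUSE };
struct session { enum state st; uint32_t isn; };        /* hypothetical tracker */

/* Build a constructed 20-byte TCP header carrying only seq and flags. */
static void mk_hdr(uint8_t h[20], uint32_t seq, uint8_t flags)
{
    memset(h, 0, 20);
    h[4] = (uint8_t)(seq >> 24); h[5] = (uint8_t)(seq >> 16);
    h[6] = (uint8_t)(seq >> 8);  h[7] = (uint8_t)seq;
    h[12] = 5 << 4;              /* data offset: 5 words */
    h[13] = flags;
}

/* Feed one client-side segment to the tracker. */
static enum verdict track(struct session *s, const uint8_t *h, size_t len, int reject_fin_syn)
{
    if (len < 20 || (h[12] >> 4) < 5 || (size_t)(h[12] >> 4) * 4 > len) return V_BAD_HDR;
    uint8_t f = h[13];
    uint32_t seq = (uint32_t)h[4] << 24 | (uint32_t)h[5] << 16 | (uint32_t)h[6] << 8 | h[7];
    /* The check: FIN+SYN is invalid, so it never reaches the FIN handling below. */
    if (reject_fin_syn && (f & (TH_FIN | TH_SYN)) == (TH_FIN | TH_SYN))
        return V_FIN_SYN;        /* caller raises an event; state is untouched */
    if (f & TH_FIN) { s->st = ST_CLOSING; return V_OK; }
    if ((f & TH_SYN) && !(f & TH_ACK)) {
        if (s->st == ST_CLOSING) {                      /* treated as session reuse */
            s->isn = seq; s->st = ST_ESTABLISHED; return V_REUSE;
        }
        if (s->st == ST_NONE) { s->isn = seq; s->st = ST_ESTABLISHED; }
    }
    return V_OK;
}

/* Replay SYN, FIN+SYN, SYN and return the ISN the tracker ends up with. */
static uint32_t replay(int reject_fin_syn)
{
    struct session s = { ST_NONE, 0 };
    uint8_t h[20];
    mk_hdr(h, 1000, TH_SYN);          track(&s, h, 20, reject_fin_syn);
    mk_hdr(h, 1001, TH_FIN | TH_SYN); track(&s, h, 20, reject_fin_syn);
    mk_hdr(h, 9000, TH_SYN);          track(&s, h, 20, reject_fin_syn);
    return s.isn;
}
int main(void) { return replay(1) == 1000 ? 0 : 1; }
```

With the check enabled the tracker keeps the sequence number of the live connection (1000); with it disabled, the FIN+SYN is handled as a FIN and the later SYN replaces it (9000).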