smb: rules for messages in the wrong direction

author Jason Ish <jason.ish@oisf.net>

Mon, 28 Feb 2022 21:12:37 +0000 (15:12 -0600)

committer Victor Julien <vjulien@oisf.net>

Tue, 19 Apr 2022 18:53:40 +0000 (20:53 +0200)
author Jason Ish <jason.ish@oisf.net>
Mon, 28 Feb 2022 21:12:37 +0000 (15:12 -0600)
committer Victor Julien <vjulien@oisf.net>
Tue, 19 Apr 2022 18:53:40 +0000 (20:53 +0200)
diff --git a/rules/smb-events.rules b/rules/smb-events.rules

index 97fc675cb1741ef74a5187206bab8cfc235fa088..713231dd421ae0f329af383af491792bb6c74089 100644 (file)
--- a/rules/smb-events.rules
+++ b/rules/smb-events.rules
@@ -16,3 +16,5 @@ alert smb any any -> any any (msg:"SURICATA SMB malformed NTLMSSP record"; flow:
  alert smb any any -> any any (msg:"SURICATA SMB malformed request dialects"; flow:to_server; app-layer-event:smb.negotiate_malformed_dialects; classtype:protocol-command-decode; sid:2225005; rev:1;)
  
  alert smb any any -> any any (msg:"SURICATA SMB file overlap"; app-layer-event:smb.file_overlap; classtype:protocol-command-decode; sid:2225006; rev:1;)
+alert smb any any -> any any (msg:"SURICATA SMB wrong direction"; app-layer-event:smb.response_to_server; classtype:protocol-command-decode; sid:2225007; rev:1;)
+alert smb any any -> any any (msg:"SURICATA SMB wrong direction"; app-layer-event:smb.request_to_client; classtype:protocol-command-decode; sid:2225008; rev:1;)
author	Jason Ish <jason.ish@oisf.net>
	Mon, 28 Feb 2022 21:12:37 +0000 (15:12 -0600)
committer	Victor Julien <vjulien@oisf.net>
	Tue, 19 Apr 2022 18:53:40 +0000 (20:53 +0200)