From: Jason Ish <jason.ish@oisf.net>
Date: Mon, 28 Feb 2022 21:12:37 +0000 (-0600)
Subject: smb: rules for messages in the wrong direction
X-Git-Tag: suricata-5.0.9~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a72db5c15fab5c05a9f9f3859e1c346da555e2cb;p=thirdparty%2Fsuricata.git

smb: rules for messages in the wrong direction

(cherry picked from commit 1e653249400ec6217af6d3f153f774ec133d5357)
---

diff --git a/rules/smb-events.rules b/rules/smb-events.rules
index 97fc675cb1..713231dd42 100644
--- a/rules/smb-events.rules
+++ b/rules/smb-events.rules
@@ -16,3 +16,5 @@ alert smb any any -> any any (msg:"SURICATA SMB malformed NTLMSSP record"; flow:
 alert smb any any -> any any (msg:"SURICATA SMB malformed request dialects"; flow:to_server; app-layer-event:smb.negotiate_malformed_dialects; classtype:protocol-command-decode; sid:2225005; rev:1;)
 
 alert smb any any -> any any (msg:"SURICATA SMB file overlap"; app-layer-event:smb.file_overlap; classtype:protocol-command-decode; sid:2225006; rev:1;)
+alert smb any any -> any any (msg:"SURICATA SMB wrong direction"; app-layer-event:smb.response_to_server; classtype:protocol-command-decode; sid:2225007; rev:1;)
+alert smb any any -> any any (msg:"SURICATA SMB wrong direction"; app-layer-event:smb.request_to_client; classtype:protocol-command-decode; sid:2225008; rev:1;)