Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18110

suricata alert invalid ack

    XMLWordPrintable

Details

    • Incident report
    • Status: Need info
    • Trivial
    • Resolution: Unresolved
    • 4.0.22
    • None
    • Server (S)
    • None

    Description

      Dear zabbix support,

      first of all thank you for your great tool !

      I have an issue with the encrypted communication between zabbix server and zabbix agent in passive mode. I am getting lots of alert from our Intrusion Detection Tool Suricata about zabbix communication : SURICATA STREAM FIN2 invalid ack.

      Is that a knonw issue in Zabbix ? Is there a workaround ?

      I am using zabbix 4.2.6.

      See the alert from Suricata.

      {"timestamp":"2020-07-17T03:16:08.849805+0200","flow_id":1970573864203604,"event_type":"alert","src_ip":"10.20.100.12","src_port":35758,"dest_ip":"10.20.100.68","dest_port":10050,"proto":"TCP","metadata":{"flowints":{"tcp.retransmission.count":17}},"alert":

      {"action":"allowed","gid":1,"signature_id":2210036,"rev":2,"signature":"SURICATA STREAM FIN2 invalid ack","category":"Generic Protocol Command Decode","severity":3}

      ,"tls":{"subject":"CN=zabbix-agent\/O=PF_PPROD\/C=FR","issuerdn":"CN=PF_PPROD\/O=PPROD\/C=FR","serial":"24:6F:4E:AF:1A:D3:81:F9","fingerprint":"9d:76:30:f6:81:72:d4:1d:01:2d:40:79:5a:1b:0a:29:1a:ec:1d:13","version":"TLS 1.2","notbefore":"2020-04-20T20:03:14","notafter":"2022-04-20T20:03:14","ja3":{}},"app_proto":"tls","flow":{"pkts_toserver":36,"pkts_toclient":28,"bytes_toserver":18864,"bytes_toclient":17146,"start":"2020-07-17T03:13:17.652628+0200"}}

      thank you,
      best regards

      Attachments

        Activity

          People

            neogan Andrei Gushchin
            olivier E olivier E
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated: