Suricata alerts every day - should I be concerned?

Hello,

Still a pretty newbie person to Suricata. I get several ‘SURICATA’ alerts pretty much every day:

2230027 SURICATA TLS certificate invalid der
2224004 SURICATA IKEv2 weak cryptographic parameters (Auth)
2224002 SURICATA IKEv2 weak cryptographic parameters (Encryption)
2224005 SURICATA IKEv2 weak cryptographic parameters (Diffie-Hellman)
2224003 SURICATA IKEv2 weak cryptographic parameters (PRF)
2210035 SURICATA STREAM FIN2 FIN with wrong seq
2210036 SURICATA STREAM FIN2 invalid ack
2210020 SURICATA STREAM ESTABLISHED packet out of window
2210030 SURICATA STREAM FIN invalid ack
2210029 SURICATA STREAM ESTABLISHED invalid ack
2210056 SURICATA STREAM bad window update
2210055 SURICATA STREAM 3way handshake excessive different SYN/ACKs

I was just wondering if I should be worried about anything. I’m not sure how to interpret these. If anyone has any light to shed, I’m all ears.

Jamie

Hi Jamie,

The rules you have listed are what could be considered information/anomaly type alerts. They indicate conditions with the negotiation of TCP streams and encryption handshakes.
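An added example, not part of the original thread: a small Python triage script that reads Suricata EVE JSON records and separates the engine-event alerts (signature text beginning with "SURICATA ", as in the list above) from alerts raised by other rules, counting them per subsystem and per host pair. The sample records, the `summarize` name and the non-engine rule with sid 1000001 are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Constructed EVE JSON records (illustrative, not from the poster's sensor).
SAMPLE_EVE = """
{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","alert":{"signature_id":2210020,"signature":"SURICATA STREAM ESTABLISHED packet out of window"}}
{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","alert":{"signature_id":2210020,"signature":"SURICATA STREAM ESTABLISHED packet out of window"}}
{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","alert":{"signature_id":2210029,"signature":"SURICATA STREAM ESTABLISHED invalid ack"}}
{"event_type":"alert","src_ip":"192.0.2.20","dest_ip":"203.0.113.7","alert":{"signature_id":2224004,"signature":"SURICATA IKEv2 weak cryptographic parameters (Auth)"}}
{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"203.0.113.9","alert":{"signature_id":2230027,"signature":"SURICATA TLS certificate invalid der"}}
{"event_type":"alert","src_ip":"192.0.2.30","dest_ip":"203.0.113.9","alert":{"signature_id":1000001,"signature":"LOCAL constructed example rule"}}
{"event_type":"flow","src_ip":"192.0.2.10","dest_ip":"198.51.100.5"}
{"event_type":"alert","src_ip":"192.0.
"""

def summarize(lines):
    """Separate engine-event alerts ('SURICATA ...') from all other alerts."""
    engine = defaultdict(Counter)  # subsystem (STREAM, IKEv2, TLS) -> {(sid, msg): n}
    talkers = Counter()            # (src_ip, dest_ip) -> engine-event count
    other = Counter()              # alerts from any other rule
    skipped = 0                    # unparsable lines, e.g. a partially written tail
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if ev.get("event_type") != "alert":
            continue               # flow, dns, stats and other record types
        alert = ev.get("alert", {})
        key = (alert.get("signature_id"), alert.get("signature", ""))
        if key[1].startswith("SURICATA "):
            subsystem = (key[1].split() + ["?"])[1]  # word after the prefix
            engine[subsystem][key] += 1
            talkers[(ev.get("src_ip"), ev.get("dest_ip"))] += 1
        else:
            other[key] += 1
    return engine, talkers, other, skipped

if __name__ == "__main__":
    engine, talkers, other, skipped = summarize(SAMPLE_EVE.splitlines())
    for subsystem, sigs in sorted(engine.items()):
        print(subsystem, sum(sigs.values()))
        for (sid, msg), n in sigs.most_common():
            print(f"  {n:4d}  {sid}  {msg}")
    print("top host pairs:", talkers.most_common(3))
    print("non-engine alerts:", sum(other.values()), "skipped lines:", skipped)
```

Against a real sensor, pass the open `eve.json` file object to `summarize` in place of the sample lines.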