Issues fragmented packets and BRO

Description

I was doing some testing with fragmented attacks trying to bypass IDS sensors and noticed that BRO does not identify/populate the SRC & DST IP's in the weird log and other fields such as the URI in the http.log when doing stuff like:

>>> f=fragment(IP(dst="80.69.77.211")/ICMP()/("X"*50), fragsize=10)
>>> for frag in f:
... send(frag)

1377062338.222065 - - - - - excessively_small_fragment - F bro

Also,. I fragmented a GET /EVILSTUFF HTTP request,. and noticed:

1377056289.770819 - - - - - excessively_small_fragment - F bro
1377056289.787032 - - - - - fragment_inconsistency - F bro
1377056290.141267 iL6Ki3ncjV1 192.168.1.5 17384 192.168.1.16 80 unmatched_HTTP_reply - F bro

PCAPS are attached.

Environment

Ubuntu/Debian

Assignee

Unassigned

Reporter

john blaze

Labels

None

External issue ID

None

Components

Affects versions

Priority

Normal
Configure