TCP stream overlaps with different data.
Possible Man-on-the-Side attack.
Resending of different data in TCP streams is a way to attempt to evade the IDS/IPS.
In practice, an attacker may use packet injection to insert a TCP packet with a payload to be executed by the victim, such as an HTTP redirect to a malicious web site.
The TCP sequence number of this injected packet will typically be the same as that in the real HTTP response coming from the legitimate web server.
Thus, the end node will see two overlapping TCP segments with different application layer data.
209.85.230.248 IP Address Information ISP Google LLC Usage Type Data Center/Web Hosting/Transit Hostname r2---sn-25ge7ns7.gvt1.com Domain Name google.com
#SURICATA STREAM reassembly overlap with different data suppress gen_id 1, sig_id 2210050