Bug #151
closed
FP on suricata v0.9.0 with IPv6 icmp large
Description
Hi,
Congratulations on the last big update!
I have a FP with the attached pcap:
05/07/10-10:24:36.208132 [**] [1:499:4] ICMP Large ICMP Packet [**] [Classification: Potentially Bad Traffic] [Priority: 3] {58} fe80::5d53:83c4:e3f2:8927:143 -> ff02::16:0
I am resending the old signature id 499:
alert icmp any any -> any any (msg:"ICMP Large ICMP Packet"; dsize:>800; classtype:bad-unknown; sid:499; rev:4;)
Can anyone confirm this FP, please? (alert with suricata v0.9.0 and suricata v0.8.2)
Of course, snort v2.8.6(.0) with ipv6 enabled is not firing (on the same pcap and the same signatures/rules).
Regards
Rmkml