Bug #159

FP on suricata v0.9.0 and today git with icmp not size zero

Added by rmkml rmkml almost 4 years ago. Updated almost 4 years ago.

Status:ClosedStart date:05/14/2010
Priority:NormalDue date:05/21/2010
Assignee:OISF Dev% Done:

100%

Category:-Estimated time:0.00 hour
Target version:0.9.1

Description

Hi,
First, thx you all for your good work!
I have a FP with joigned pcap:
09/03/08-08:15:15.425081 [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 3] {1} 172.26.16.45:8 -> 172.26.9.163:0
I resend old signature id 469:
alert icmp any any -> any any (msg:"ICMP PING NMAP"; dsize:0; itype:8; classtype:attempted-recon; sid:469; rev:3;)
Anyone confirm this FP please? (alert with suricata v0.9.0 and suricata git today)
Regards
Rmkml

suricatafpicmppingnmap14may2010.pcap (114 Bytes) rmkml rmkml, 05/14/2010 04:08 PM

History

#1 Updated by Victor Julien almost 4 years ago

  • Due date set to 05/21/2010
  • Assignee set to OISF Dev
  • Target version set to 0.9.1
  • Estimated time set to 2.50

#2 Updated by rmkml rmkml almost 4 years ago

Hi,
Since git on date 17 may, pb is resolved.
git today {20 may} (b629b7c5c1e2ad6c91b97b6708ad9ddc6a674502) is resolved again.
pb resolved.
Regards
Rmkml

#3 Updated by Victor Julien almost 4 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
  • Estimated time changed from 2.50 to 0.00

Original reporter reports that the issue is fixed, closing.

Also available in: Atom PDF