Bug #267: Problem with [ipvars] in icmp rule - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #267

closed

Problem with [ipvars] in icmp rule

Bug #267: Problem with [ipvars] in icmp rule

Added by Edward Fjellskål over 15 years ago. Updated over 15 years ago.

Status:

Rejected

Priority:

Normal

Assignee:

Target version:

Affected Versions:

Effort:

Difficulty:

Label:

Description

Trying out:
alert icmp $HOME_NET any -> [8.8.4.4,8.8.8.8] any (msg:"IDS is alive - ping google-dns test signature"; classtype:misc-activity; sid:30100000; reference:url,gamelinux.org; rev:1;)

The above rule does not fire...

Changing it to:
alert icmp $HOME_NET any -> any any (msg:"IDS is alive - ping test signature"; classtype:misc-activity; sid:30100001; reference:url,gamelinux.org; rev:1;)

This rule fires....

EF Updated by Edward Fjellskål over 15 years ago Actions
Copy link
#1

ohhh... crapz.... sårry with a big O...

For some reason, my interface reverted to not the one that I really use, so $HOME_NET did not match, cuz it did not see the package :/

A nice moment to test multiple interfaces though :)

VJ Updated by Victor Julien over 15 years ago Actions
Copy link
#2

Status changed from New to Rejected

Not an issue after all :)

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Bug #267

Problem with [ipvars] in icmp rule

EF Updated by Edward Fjellskål over 15 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 15 years ago Actions
Copy link
#2

Project

General

Profile

Suricata

Custom queries

Bug #267

Problem with [ipvars] in icmp rule

EF Updated by Edward Fjellskål over 15 years ago ActionsCopy link #1

VJ Updated by Victor Julien over 15 years ago ActionsCopy link #2

EF Updated by Edward Fjellskål over 15 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 15 years ago Actions
Copy link
#2