Bug #280: Fragmentation issue - Ping of death not properly detected - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #280

closed

Fragmentation issue - Ping of death not properly detected

Added by sebastien damaye over 13 years ago. Updated over 13 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

1.1beta3

Affected Versions:

Effort:

Difficulty:

Label:

Description

Hi,
Following Scapy payload doesn't trigger an alert in Suricata:
send( fragment(IP(dst="192.168.100.35")/ICMP()/("X"*60000)) )
In Snort, it triggers following alert:
[**] [123:8:1] (spp_frag3) Fragmentation overlap [**] [Priority: 3] 03/19-00:21:07.280484 192.168.100.37 -> 192.168.100.36 ICMP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:828 Frag Offset: 0x1CE8 Frag Size: 0x0328

Attached the capture file.
Thx for your support

Files

fragmentation.pcap (121 KB) fragmentation.pcap

sebastien damaye, 04/10/2011 05:35 AM