Project

General

Profile

Actions

Bug #2865

closed

Suricata rule sid:2224005 SURICATA IKEv2 weak cryptographic parameters (Diffie-Hellman) not works (4.1.x)

Added by Victor Julien over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

This rule
alert ikev2 any any -> any any (msg:"SURICATA IKEv2 weak cryptographic parameters (Diffie-Hellman)"; flow:to_client; app-layer-event:ikev2.weak_crypto_prf; classtype:protocol-command-decode; sid:2224005; rev:1;)

Doesn't detect weak modp 1024 Diffie-Hellmann parameter

pcap file attached

  1. suricata --build-info
    This is Suricata version 4.1.0-dev (rev 8709a20d)

Files

IKEv2_SA_INIT_2-8-weak.pcap (308 Bytes) IKEv2_SA_INIT_2-8-weak.pcap Michal Vymazal, 03/04/2019 11:49 AM

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #2861: Suricata rule sid:2224005 SURICATA IKEv2 weak cryptographic parameters (Diffie-Hellman) not worksClosedPierre ChifflierActions
Actions

Also available in: Atom PDF