Project

General

Profile

Actions
Copy link

Bug #3328

closed

bad ip option evasion

Added by Nicolas Adba over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
5.0.1
Affected Versions:
5.0.0
Effort:
Difficulty:
Label:

Description

Suricata is vulnerable to bad ip option evasions.
Here are the pcaps of issue number 3286 with a bad ipv4 option.

I don't think it's exploitable in the wild because routers should drop the injected packets (I didn't test it thought).

Files

Download all files
with_evasion_windows.pcap (1.26 KB) with_evasion_windows.pcap Nicolas Adba, 11/07/2019 08:25 PM
with_evasion_linux.pcap (1.43 KB) with_evasion_linux.pcap Nicolas Adba, 11/07/2019 08:25 PM
without_evasion.pcap (1.01 KB) without_evasion.pcap Nicolas Adba, 11/07/2019 08:25 PM
test.rule (147 Bytes) test.rule Nicolas Adba, 11/07/2019 08:25 PM

Related issues 1 (0 open1 closed)

Copied to Suricata - Bug #3414: bad ip option evasion (4.1.x)ClosedJason IshActions
Actions
Copy link

Also available in: Atom PDF