Project

General

Profile

Actions
Copy link

Bug #340

closed
RR AS

FN on sig contains ip proto negate please

Bug #340: FN on sig contains ip proto negate please

Added by rmkml rmkml over 14 years ago. Updated over 14 years ago.

Status:
Closed
Priority:
High
Assignee:
Anoop Saldanha
Target version:
1.0.6
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,
Anyone fix this FN please?:
alert ip any any -> any any (msg:"test ip proto 1"; ip_proto:219; classtype:non-standard-protocol; sid:999991; rev:1;)
Joigned pcap file: ok suricata v105 fire.

ok next sig contains ip proto negate:
alert ip any any -> any any (msg:"test ip proto 2"; ip_proto:!1; classtype:non-standard-protocol; sid:999992; rev:1;)
on this: suricata v105 not fire (of course, snort fire).
Regards
Rmkml

Files

exemple_ipproto219_scan.pcap (74 Bytes) exemple_ipproto219_scan.pcap rmkml rmkml, 10/06/2011 04:56 AM

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
 #1

  • Due date set to 10/11/2011
  • Status changed from New to Assigned
  • Assignee set to Anoop Saldanha
  • Priority changed from Normal to High
  • Target version set to 1.1beta3
  • Estimated time set to 4.00 h

Anoop, can you check this out? Thanks!

AS Updated by Anoop Saldanha over 14 years ago Actions
Copy link
 #2

Victor Julien wrote:

Anoop, can you check this out? Thanks!

Sure

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
 #3

  • Due date changed from 10/11/2011 to 10/25/2011
  • Target version changed from 1.1beta3 to 1.0.6

Fixed for the current git master. Retargeting to 1.0.6 so we can fix it there as well.

AS Updated by Anoop Saldanha over 14 years ago Actions
Copy link
 #4

  • Status changed from Assigned to Resolved

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
 #5

  • Status changed from Resolved to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: PDF Atom