Project

General

Custom queries

Profile

Actions
Copy link

Bug #340

closed

FN on sig contains ip proto negate please

Added by rmkml rmkml over 13 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
High
Assignee:
Anoop Saldanha
Target version:
1.0.6
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,
Anyone fix this FN please?:
alert ip any any -> any any (msg:"test ip proto 1"; ip_proto:219; classtype:non-standard-protocol; sid:999991; rev:1;)
Joigned pcap file: ok suricata v105 fire.

ok next sig contains ip proto negate:
alert ip any any -> any any (msg:"test ip proto 2"; ip_proto:!1; classtype:non-standard-protocol; sid:999992; rev:1;)
on this: suricata v105 not fire (of course, snort fire).
Regards
Rmkml

Files

exemple_ipproto219_scan.pcap (74 Bytes) exemple_ipproto219_scan.pcap rmkml rmkml, 10/06/2011 04:56 AM
Actions
Copy link
 #1

Updated by Victor Julien over 13 years ago

  • Due date set to 10/11/2011
  • Status changed from New to Assigned
  • Assignee set to Anoop Saldanha
  • Priority changed from Normal to High
  • Target version set to 1.1beta3
  • Estimated time set to 4.00 h

Anoop, can you check this out? Thanks!

Actions
Copy link
 #2

Updated by Anoop Saldanha over 13 years ago

Victor Julien wrote:

Anoop, can you check this out? Thanks!

Sure

Actions
Copy link
 #3

Updated by Victor Julien over 13 years ago

  • Due date changed from 10/11/2011 to 10/25/2011
  • Target version changed from 1.1beta3 to 1.0.6

Fixed for the current git master. Retargeting to 1.0.6 so we can fix it there as well.

Actions
Copy link

Also available in: Atom PDF