Bug #3414

closed

bad ip option evasion (4.1.x)

Added by Victor Julien about 5 years ago. Updated about 5 years ago.

Status: Closed
Priority: Normal

Description

Suricata is vulnerable to bad IP option evasions.
Here are the pcaps of issue number 3286 with a bad IPv4 option.

I don't think it's exploitable in the wild because routers should drop the injected packets (I didn't test it though).


Files

with_evasion_windows.pcap (1.26 KB), Nicolas Adba, 11/07/2019 08:25 PM
with_evasion_linux.pcap (1.43 KB), Nicolas Adba, 11/07/2019 08:25 PM
without_evasion.pcap (1.01 KB), Nicolas Adba, 11/07/2019 08:25 PM
test.rule (147 Bytes), Nicolas Adba, 11/07/2019 08:25 PM

Related issues: 1 (0 open, 1 closed)

Copied from Suricata - Bug #3328: bad ip option evasion (Closed, Jason Ish)