Project

General

Profile

Actions
Copy link

Bug #689

closed

FN: IP-only rule ip_proto not matching for some protocols

Added by Victor Julien over 11 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
1.4.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

IPv4 packet with protocol 41 didn't match on:

alert ip any any -> any any (ip_proto:41; sid:1;)

This is because it is considered an IP-only rule, but protocol check for IP-only is broken.

Actions
Copy link

Also available in: Atom PDF