Project

General

Profile

Actions

Feature #744

closed

Teredo configuration

Added by Eric Leblond about 11 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Teredo tunnel detection is difficult because of the protocol which is too limited.

To avoid miss detection, we can had a port parameter to avoid to run the detection on all flow. The configuration could look like that:

tunnel
  - teredo:
    enabled: yes|no
    ports: port1,port2|any

Related issues 1 (0 open1 closed)

Copied to Suricata - Feature #3546: Teredo port configurationClosedVictor JulienActions
Actions #1

Updated by Peter Manev about 11 years ago

wouldn't
ports: port1,port2|+*any*+

be just like it is now? (auto detection and no settings in yaml)

Most people would prefer auto proto detection.

or I am misinterpreting ?

Actions #2

Updated by Victor Julien over 10 years ago

  • Target version set to TBD
Actions #3

Updated by Andreas Herz about 8 years ago

  • Assignee set to OISF Dev
Actions #4

Updated by Victor Julien over 7 years ago

  • Target version changed from TBD to 70

Pcap in #990 is an example of misdetected teredo.

Actions #5

Updated by Victor Julien over 6 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien
  • Priority changed from High to Normal
  • Target version changed from 70 to 4.0rc2
Actions #6

Updated by Victor Julien over 6 years ago

  • Status changed from Assigned to Closed

https://github.com/inliniac/suricata/pull/2827 implements the option to disable

Actions #7

Updated by Victor Julien about 4 years ago

Actions

Also available in: Atom PDF