Bug #159

closed

FP on suricata v0.9.0 and today git with icmp not size zero

Added by rmkml rmkml over 14 years ago. Updated over 14 years ago.

Status: Closed
Priority: Normal

Description

Hi,
First, thank you all for your good work!
I have a FP with the attached pcap:
09/03/08-08:15:15.425081 [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 3] {1} 172.26.16.45:8 -> 172.26.9.163:0
I am resending the old signature id 469:
alert icmp any any -> any any (msg:"ICMP PING NMAP"; dsize:0; itype:8; classtype:attempted-recon; sid:469; rev:3;)
Can anyone confirm this FP, please? (It alerts with suricata v0.9.0 and with today's suricata git.)
Regards
Rmkml


Files

suricatafpicmppingnmap14may2010.pcap (114 Bytes) rmkml rmkml, 05/14/2010 04:08 PM

#1

Updated by Victor Julien over 14 years ago

  • Due date set to 05/21/2010
  • Assignee set to OISF Dev
  • Target version set to 0.9.1
  • Estimated time set to 2.50 h
#2

Updated by rmkml rmkml over 14 years ago

Hi,
Since the git version of 17 May, the problem is resolved.
Today's git {20 May} (b629b7c5c1e2ad6c91b97b6708ad9ddc6a674502) is resolved again.
Problem resolved.
Regards
Rmkml

#3

Updated by Victor Julien over 14 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
  • Estimated time changed from 2.50 h to 0.00 h

Original reporter reports that the issue is fixed, closing.
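
An added triage example, not part of the original ticket or Suricata's code: an independent check of whether a raw IPv4 packet satisfies both options of sid 469 (itype:8 and dsize:0), so an alert on an echo request that carries data can be confirmed as a false positive. It assumes dsize counts the bytes after the 8-byte ICMP echo header; the function names and the sample packets are constructed for illustration.

```python
import struct

ICMP_ECHO_REQUEST = 8
ICMP_HEADER_LEN = 8  # assumption: type, code, checksum, identifier, sequence


def icmp_fields(ip_packet: bytes):
    """Return (itype, dsize) for a raw IPv4 packet carrying ICMP, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    if ihl < 20 or ip_packet[9] != 1 or total_len > len(ip_packet):
        return None
    # Slice by the IP total length so Ethernet minimum-frame padding
    # is not counted as ICMP data.
    icmp = ip_packet[ihl:total_len]
    if len(icmp) < ICMP_HEADER_LEN:
        return None
    return icmp[0], len(icmp) - ICMP_HEADER_LEN


def sid_469_should_match(ip_packet: bytes) -> bool:
    """True only when both rule options hold: itype:8 and dsize:0."""
    return icmp_fields(ip_packet) == (ICMP_ECHO_REQUEST, 0)


def build_echo(payload: bytes, itype: int = ICMP_ECHO_REQUEST) -> bytes:
    """Constructed sample packet: IPv4 + ICMP, checksums left at zero."""
    icmp = struct.pack("!BBHHH", itype, 0, 0, 1, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + icmp


if __name__ == "__main__":
    samples = {
        "echo request, no data": build_echo(b""),
        "echo request, 32 data bytes": build_echo(b"a" * 32),
        "echo request, no data, padded frame": build_echo(b"") + b"\x00" * 18,
        "echo reply, no data": build_echo(b"", itype=0),
    }
    for name, pkt in samples.items():
        print(f"{name}: fields={icmp_fields(pkt)} "
              f"should_match={sid_469_should_match(pkt)}")
```
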
