Bug #159: FP on suricata v0.9.0 and today git with icmp not size zero - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #159

closed

FP on suricata v0.9.0 and today git with icmp not size zero

Added by rmkml rmkml over 14 years ago. Updated over 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

OISF Dev

Target version:

0.9.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Hi,
First, thx you all for your good work!
I have a FP with joigned pcap:
09/03/08-08:15:15.425081 [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 3] {1} 172.26.16.45:8 -> 172.26.9.163:0
I resend old signature id 469:
alert icmp any any -> any any (msg:"ICMP PING NMAP"; dsize:0; itype:8; classtype:attempted-recon; sid:469; rev:3;)
Anyone confirm this FP please? (alert with suricata v0.9.0 and suricata git today)
Regards
Rmkml

Files

suricatafpicmppingnmap14may2010.pcap (114 Bytes) suricatafpicmppingnmap14may2010.pcap

rmkml rmkml, 05/14/2010 04:08 PM

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #159

FP on suricata v0.9.0 and today git with icmp not size zero

Updated by Victor Julien over 14 years ago

Updated by rmkml rmkml over 14 years ago

Updated by Victor Julien over 14 years ago