Project

General

Profile

Actions
Copy link

Bug #267

closed

Problem with [ipvars] in icmp rule

Added by Edward Fjellskål almost 14 years ago. Updated almost 14 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

Trying out:
alert icmp $HOME_NET any -> [8.8.4.4,8.8.8.8] any (msg:"IDS is alive - ping google-dns test signature"; classtype:misc-activity; sid:30100000; reference:url,gamelinux.org; rev:1;)

The above rule does not fire...

Changing it to:
alert icmp $HOME_NET any -> any any (msg:"IDS is alive - ping test signature"; classtype:misc-activity; sid:30100001; reference:url,gamelinux.org; rev:1;)

This rule fires....

Actions
Copy link
 #1

Updated by Edward Fjellskål almost 14 years ago

ohhh... crapz.... sårry with a big O...

For some reason, my interface reverted to not the one that I really use, so $HOME_NET did not match, cuz it did not see the package :/

A nice moment to test multiple interfaces though :)

E

Actions
Copy link
 #2

Updated by Victor Julien almost 14 years ago

  • Status changed from New to Rejected

Not an issue after all :)

Actions
Copy link

Also available in: Atom PDF