Bug #267: Problem with [ipvars] in icmp rule - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #267

closed

Problem with [ipvars] in icmp rule

Added by Edward Fjellskål almost 14 years ago. Updated almost 14 years ago.

Status:

Rejected

Priority:

Normal

Assignee:

Target version:

Affected Versions:

Effort:

Difficulty:

Label:

Description

Trying out:
alert icmp $HOME_NET any -> [8.8.4.4,8.8.8.8] any (msg:"IDS is alive - ping google-dns test signature"; classtype:misc-activity; sid:30100000; reference:url,gamelinux.org; rev:1;)

The above rule does not fire...

Changing it to:
alert icmp $HOME_NET any -> any any (msg:"IDS is alive - ping test signature"; classtype:misc-activity; sid:30100001; reference:url,gamelinux.org; rev:1;)

This rule fires....

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #267

Problem with [ipvars] in icmp rule

Updated by Edward Fjellskål almost 14 years ago

Updated by Victor Julien almost 14 years ago