Project

General

Profile

Actions
Copy link

Bug #3414

closed

bad ip option evasion (4.1.x)

Added by Victor Julien almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
4.1.6
Affected Versions:
4.1.5
Effort:
Difficulty:
Label:

Description

Suricata is vulnerable to bad ip option evasions.
Here are the pcaps of issue number 3286 with a bad ipv4 option.

I don't think it's exploitable in the wild because routers should drop the injected packets (I didn't test it thought).

Files

Download all files
with_evasion_windows.pcap (1.26 KB) with_evasion_windows.pcap Nicolas Adba, 11/07/2019 08:25 PM
with_evasion_linux.pcap (1.43 KB) with_evasion_linux.pcap Nicolas Adba, 11/07/2019 08:25 PM
without_evasion.pcap (1.01 KB) without_evasion.pcap Nicolas Adba, 11/07/2019 08:25 PM
test.rule (147 Bytes) test.rule Nicolas Adba, 11/07/2019 08:25 PM

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #3328: bad ip option evasionClosedJason IshActions
Actions
Copy link

Also available in: Atom PDF