Project

General

Profile

Actions
Copy link

Feature #744

closed

Teredo configuration

Added by Eric Leblond over 11 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
4.0rc2
Effort:
Difficulty:
Label:

Description

Teredo tunnel detection is difficult because of the protocol which is too limited.

To avoid miss detection, we can had a port parameter to avoid to run the detection on all flow. The configuration could look like that:

tunnel
  - teredo:
    enabled: yes|no
    ports: port1,port2|any

Related issues 1 (0 open1 closed)

Copied to Suricata - Feature #3546: Teredo port configurationClosedVictor JulienActions
Actions
Copy link
 #1

Updated by Peter Manev over 11 years ago

wouldn't
ports: port1,port2|+*any*+

be just like it is now? (auto detection and no settings in yaml)

Most people would prefer auto proto detection.

or I am misinterpreting ?

Actions
Copy link
 #2

Updated by Victor Julien about 11 years ago

  • Target version set to TBD
Actions
Copy link
 #3

Updated by Andreas Herz almost 9 years ago

  • Assignee set to OISF Dev
Actions
Copy link
 #4

Updated by Victor Julien about 8 years ago

  • Target version changed from TBD to 70

Pcap in #990 is an example of misdetected teredo.

Actions
Copy link
 #5

Updated by Victor Julien over 7 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien
  • Priority changed from High to Normal
  • Target version changed from 70 to 4.0rc2
Actions
Copy link
 #6

Updated by Victor Julien over 7 years ago

  • Status changed from Assigned to Closed

https://github.com/inliniac/suricata/pull/2827 implements the option to disable

Actions
Copy link
 #7

Updated by Victor Julien over 4 years ago

Actions
Copy link

Also available in: Atom PDF