Actions
Feature #744
closedTeredo configuration
Effort:
Difficulty:
Label:
Description
Teredo tunnel detection is difficult because of the protocol which is too limited.
To avoid miss detection, we can had a port parameter to avoid to run the detection on all flow. The configuration could look like that:
tunnel - teredo: enabled: yes|no ports: port1,port2|any
Updated by Peter Manev almost 12 years ago
wouldn't
ports: port1,port2|+*any*+
be just like it is now? (auto detection and no settings in yaml)
Most people would prefer auto proto detection.
or I am misinterpreting ?
Updated by Victor Julien about 8 years ago
- Target version changed from TBD to 70
Pcap in #990 is an example of misdetected teredo.
Updated by Victor Julien over 7 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Victor Julien
- Priority changed from High to Normal
- Target version changed from 70 to 4.0rc2
Updated by Victor Julien over 7 years ago
- Status changed from Assigned to Closed
https://github.com/inliniac/suricata/pull/2827 implements the option to disable
Updated by Victor Julien almost 5 years ago
- Copied to Feature #3546: Teredo port configuration added
Actions