Snort mailing list archives
IPv6 Alerts documentation & Disable alerts
From: Gabriel Corre <gabriel.corre () fr clara net>
Date: Wed, 12 Aug 2015 07:47:09 +0000
Hello, I'm running snort 2.9.7.5 on a VPS (Debian 7.5). I'm just trying some basics config and I'm receiving mainly this two alerts : * [**] [116:278:1] (snort_decoder) WARNING: IPv6 packet with reserved multicast destination address [**] [Classification: Generic Protocol Command Decode] [Priority: 3]header includes an invalid value for the "next header" field * [**] [116:281:1] (snort_decoder) WARNING: IPv6 header includes an invalid value for the "next header" field [**] [Classification: Generic Protocol Command Decode] [Priority: 3] I failed to find where these alerts are described and also where to disable them. I had "config ipv6_frag: bsd_icmp_frag_alert off, bad_ipv6_frag_alert off" into snort.conf but it didn't disable the alerts. Any ideas? Finally, [116:278:1] stand for [gid,sid,rev] ? Regards, -- Gabriel Corré
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- IPv6 Alerts documentation & Disable alerts Gabriel Corre (Aug 12)
- Re: IPv6 Alerts documentation & Disable alerts Al Lewis (allewi) (Aug 12)
- Re: IPv6 Alerts documentation & Disable alerts Gabriel Corre (Aug 12)
- Re: IPv6 Alerts documentation & Disable alerts Al Lewis (allewi) (Aug 12)