Snort mailing list archives

Previous By Date Next
Previous By Thread Next

IPv6 Alerts documentation & Disable alerts

From: Gabriel Corre <gabriel.corre () fr clara net>
Date: Wed, 12 Aug 2015 07:47:09 +0000
Hello,
I'm running snort 2.9.7.5 on a VPS (Debian 7.5).
I'm just trying some basics config and I'm receiving mainly this two alerts :

  *   [**] [116:278:1] (snort_decoder) WARNING: IPv6 packet with reserved multicast destination address [**]
[Classification: Generic Protocol Command Decode] [Priority: 3]header includes an invalid value for the "next header" 
field
  *   [**] [116:281:1] (snort_decoder) WARNING: IPv6 header includes an invalid value for the "next header" field [**]
[Classification: Generic Protocol Command Decode] [Priority: 3]
I failed to find where these alerts are described and also where to disable them.
I had "config ipv6_frag: bsd_icmp_frag_alert off, bad_ipv6_frag_alert off" into snort.conf but it didn't disable the 
alerts.
Any ideas?
Finally, [116:278:1] stand for [gid,sid,rev] ?
Regards,

--

Gabriel Corré

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: