Snort mailing list archives
Re: IPv6 rule options syntax
From: Martin Schütte <lists () mschuette name>
Date: Wed, 04 May 2011 13:33:29 +0200
On 05/04/11 07:30, 김무성 wrote:
> Are there any options for IPv6 which are already created or will be created?
> Example) IPv6 Hop Limit -> HL:50;
> Example) ICMPv6 type -> itype6:134

There are no IPv6 specific options (yet?). But nearly all fields are mapped to their IPv4 counterparts, so your examples are expressed with the rules:

    alert icmp any any -> any any \
        (msg:"IPv6 ICMP Router Advertisement"; itype:134; \
        classtype:icmp-event; sid:2000001; rev:1;)

    alert ip any any -> any any \
        (msg:"TTL or Hop Limit = 50"; ttl:50; \
        classtype:attempted-recon; sid:2000002; rev:1;)

BTW, I am currently writing an IPv6 preprocessor to detect more issues and to track autoconfiguration. It is not released yet, but feel free to contact me off list.

-- 
Martin Schütte

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
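
The field mapping described in the reply above, shown as an added example that is not part of the original message and not Snort's own code: one parser reads the IPv4 TTL or the IPv6 Hop Limit into the same `ttl` field, and the ICMP or ICMPv6 type into the same `itype` field. The names `parse_ip`, `matches` and `v6` and the sample packets are hypothetical, and the IPv6 branch assumes no extension headers.

```python
import ipaddress
import struct

def parse_ip(pkt: bytes) -> dict:
    """Extract the fields the two rules test, from an IPv4 or IPv6 packet."""
    if not pkt:
        raise ValueError("empty packet")
    version = pkt[0] >> 4
    if version == 4 and len(pkt) >= 20:
        ttl, proto = pkt[8], pkt[9]            # IPv4 TTL and Protocol
        payload = pkt[(pkt[0] & 0x0F) * 4:]    # skip IHL * 4 header bytes
        is_icmp = proto == 1                   # ICMP
    elif version == 6 and len(pkt) >= 40:
        proto, ttl = pkt[6], pkt[7]            # IPv6 Next Header and Hop Limit
        payload = pkt[40:]                     # assumption: no extension headers
        is_icmp = proto == 58                  # ICMPv6
    else:
        raise ValueError("not a complete IPv4/IPv6 header")
    return {"version": version, "ttl": ttl,
            "itype": payload[0] if is_icmp and payload else None}

def matches(pkt: bytes, ttl=None, itype=None) -> bool:
    """Hypothetical matcher: every option given must equal the parsed field."""
    f = parse_ip(pkt)
    return ((ttl is None or f["ttl"] == ttl) and
            (itype is None or f["itype"] == itype))

def v6(next_hdr: int, hop_limit: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet from fe80::1 to ff02::1."""
    src = ipaddress.ip_address("fe80::1").packed
    dst = ipaddress.ip_address("ff02::1").packed
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, hop_limit)
    return hdr + src + dst + payload

# Constructed sample packets (checksums left at 0, not valid on the wire).
RA_V6 = v6(58, 255, struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0))
UDP_V6_HL50 = v6(17, 50, struct.pack("!HHHH", 1024, 53, 8, 0))
ECHO_V4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 50, 1, 0,
                      ipaddress.ip_address("192.0.2.1").packed,
                      ipaddress.ip_address("192.0.2.2").packed) \
          + struct.pack("!BBHHH", 8, 0, 0, 1, 1)

if __name__ == "__main__":
    for name, pkt in [("RA_V6", RA_V6), ("UDP_V6_HL50", UDP_V6_HL50),
                      ("ECHO_V4", ECHO_V4)]:
        print(name, parse_ip(pkt), "itype:134 ->", matches(pkt, itype=134),
              "ttl:50 ->", matches(pkt, ttl=50))
```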