[Snort-users] IPv6 Alerts documentation & Disable alerts
gabriel.corre at ...17281...
Wed Aug 12 03:47:09 EDT 2015
I'm running snort 22.214.171.124 on a VPS (Debian 7.5).
I'm just trying some basics config and I'm receiving mainly this two alerts :
* [**] [116:278:1] (snort_decoder) WARNING: IPv6 packet with reserved multicast destination address [**]
[Classification: Generic Protocol Command Decode] [Priority: 3]header includes an invalid value for the "next header" field
* [**] [116:281:1] (snort_decoder) WARNING: IPv6 header includes an invalid value for the "next header" field [**]
[Classification: Generic Protocol Command Decode] [Priority: 3]
I failed to find where these alerts are described and also where to disable them.
I had "config ipv6_frag: bsd_icmp_frag_alert off, bad_ipv6_frag_alert off" into snort.conf but it didn't disable the alerts.
Finally, [116:278:1] stand for [gid,sid,rev] ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users