[Snort-users] IPV6 settings for snort

Joel Esler (jesler) jesler at cisco.com
Mon Nov 20 08:54:20 EST 2017


Please keep list traffic on the list.

These look like bro keyword options, not Snort.

I can only assume you got these rules from: https://github.com/mschuett/spp_ipv6_test/blob/master/ipv6.rules or similar?

--
Joel Esler | Talos: Manager | jesler at cisco.com

On Nov 19, 2017, at 8:26 AM, ayman shabour <shabour313 at hotmail.com> wrote:



alert icmp any any -> any any ( ipv: 6; icmp6_nd;                   \
  icmp6_nd_option: >10; icmp6_nd_option: <15;                    \
  msg:"ICMPv6/NDP with SEND option"; sid:124806; rev:1;)
_____________________________________________________

alert icmp any any -> any any (ipv: 6; itype: 136;                 \
   detection_filter: track by_dst, count 20, seconds 1;           \
   msg:"ICMPv6/NA flooding";     sid:124852; rev:1;)
_________________________________________________________

alert ip icmp any   -> any any                       \
(msg:"IPV6 ICMP Echo-Request ?"; itype : 128;         \
classtype : icmp -event ; sid : 2000001; rev:1;)


_________________________________________

Errors come up when running: snort -i -1 -c c:\snort\etc\snort.conf -A console

Errors in ipv, also in ip



________________________________________
From: Joel Esler (jesler) [jesler at cisco.com]
Sent: November 19, 2017 5:41 AM
To: ayman shabour
Cc: snort-users at lists.snort.org
Subject: Re: [Snort-users]  IPV6 settings for snort

Can you provide an example of what you are trying to do?


--
Joel Esler | Talos: Manager | jesler at cisco.com

On Nov 18, 2017, at 2:26 PM, ayman shabour via Snort-users <snort-users at lists.snort.org> wrote:


Snort is installed and tested on Windows 7
Snort ver 2.9.11


Begin forwarded message:

From: ayman shabour via Snort-users <snort-users at lists.snort.org>
Date: November 18, 2017 at 11:17:00 AM GMT+3
To: "snort-users at lists.snort.org" <snort-users at lists.snort.org>
Subject: [Snort-users] IPV6 settings for snort
Reply-To: ayman shabour <shabour313 at hotmail.com>


Dear Snort users,

Hi everyone,

I'm new to the Snort app. I did the configuration and testing, and it works fine.

When I try to test rules for IPv6, it stops with an error at the word (ipv) or (ip).

So is any change needed in the settings to work with IPv6? Please advise.

_______________________________________________
Snort-users mailing list
Snort-users at lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette