Re: [firestorm053] pb with rules: BAD TRAFFIC syn tomulticastaddress...

[rmkml <rmkml@xxxxxxxxxx>]

Hi Gianni,

thanks for reply,

I restarted tcpdump file tcpreplay,

and firestorm event:
bad traffic syn to multicast address
bad traffic loopback traffic

I decide will test original firestorm-nids053 on fbsd later ...

Regard.



Gianni Tedesco wrote:

> On Sun, 2003-06-22 at 19:32, Gianni Tedesco wrote:
> > On Sun, 2003-06-22 at 19:27, rmkml wrote:
> > > variable HOME_NET = EXTERNAL_NET = any ...
> > >
> > > I would seek later why...
> >
> > It is likely to be a real bug but a subtle one based on all the rules
> > you have loaded. Could you send me your entire rule set and config that
> > you have loaded when you see the problem?
>
> I've loaded all the rules and the config you sent me and still can't
> reproduce it. When I run this tcpdump file I get no alerts at all...
>
> Have you tested reproducing it from the tcpdump file and all the stuff
> you sent me?
>
> Thanks.
>
> --
> // Gianni Tedesco (gianni at scaramanga dot co dot uk)
> lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
> 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
>
>   ------------------------------------------------------------------------
>                        Name: signature.asc
>    signature.asc       Type: application/pgp-signature
>                 Description: This is a digitally signed message part