
IPv4 allow valid echo request

mrash committed Mar 24, 2012
1 parent bc993a4 commit 87a8f3f58c5119e0a2fe789da112fc4388b57784
Showing with 21 additions and 1 deletion.
  1. +0 −1 test/scans/iptables/invalid_icmp_type_code
  2. +5 −0 test/scans/iptables/ipv4_valid_ping
  3. +16 −0 test/test-psad.pl
@@ -3,4 +3,3 @@ Mar 23 21:29:28 linux kernel: [1503547.179937] ICMP IN=eth0 OUT= MAC=23:87:fc:c6
Mar 23 21:29:29 linux kernel: [1503548.180078] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=25427 PROTO=ICMP TYPE=8 CODE=2 ID=2158 SEQ=1024
Mar 23 21:29:30 linux kernel: [1503549.180231] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=43658 PROTO=ICMP TYPE=8 CODE=2 ID=2158 SEQ=1280
Mar 23 21:29:31 linux kernel: [1503550.180389] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=28135 PROTO=ICMP TYPE=8 CODE=2 ID=2158 SEQ=1536
-
@@ -0,0 +1,5 @@
+Mar 23 21:29:27 linux kernel: [1503546.179768] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=18443 PROTO=ICMP TYPE=8 CODE=0 ID=2158 SEQ=512
+Mar 23 21:29:28 linux kernel: [1503547.179937] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=59523 PROTO=ICMP TYPE=8 CODE=0 ID=2158 SEQ=768
+Mar 23 21:29:29 linux kernel: [1503548.180078] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=25427 PROTO=ICMP TYPE=8 CODE=0 ID=2158 SEQ=1024
+Mar 23 21:29:30 linux kernel: [1503549.180231] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=43658 PROTO=ICMP TYPE=8 CODE=0 ID=2158 SEQ=1280
+Mar 23 21:29:31 linux kernel: [1503550.180389] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=28135 PROTO=ICMP TYPE=8 CODE=0 ID=2158 SEQ=1536
@@ -21,6 +21,7 @@
my $ipv6_ping_scan_file = 'ipv6_ping_scan';
my $ipv6_invalid_icmp6_type_code_file = 'ipv6_invalid_icmp6_type_code';
my $ipv4_invalid_icmp6_type_code_file = 'invalid_icmp_type_code';
+my $ipv4_valid_ping = 'ipv4_valid_ping';
my $ignore_ipv4_auto_dl_file = "$conf_dir/auto_dl_ignore_192.168.10.55";
my $ignore_ipv4_subnet_auto_dl_file = "$conf_dir/auto_dl_ignore_192.168.10.0_24";
my $ignore_ipv6_addr_auto_dl_file = "$conf_dir/auto_dl_ignore_ipv6_addr";
@@ -530,6 +531,21 @@
'exec_err' => $NO,
'fatal' => $NO
},
+ {
+ 'category' => 'operations',
+ 'detail' => 'IPv4 allow valid ICMP echo request',
+ 'err_msg' => 'generated detection event',
+ 'negative_output_matches' => [
+ qr/Invalid\sICMP/,
+ qr/SRC\:\s+192.168.10.55/],
+ 'match_all' => $MATCH_ALL_RE,
+ 'function' => \&generic_exec,
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
+ &fw_type() . "/$ipv4_valid_ping -c $default_conf",
+ 'exec_err' => $NO,
+ 'fatal' => $NO
+ },
+
{
'category' => 'operations',
'detail' => 'IPv4 invalid ICMP type/code detection',
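Review bot: The new test entry (the hash added between the two existing `operations` cases) asserts only what psad must not print, so it passes vacuously if the fixture is never parsed at all (a bad `$scans_dir` path or empty output) — `'exec_err' => $NO` only guards the exit status, and with no `positive_output_matches` I cannot tell what `'match_all' => $MATCH_ALL_RE` is constraining here. A positive match confirming that the five log lines in `ipv4_valid_ping` were actually consumed (whatever summary line `--test-mode` emits for processed packets; the format is not visible from this hunk) would make the negative checks meaningful. Separately, the dots in `qr/SRC\:\s+192.168.10.55/` are unescaped metacharacters and the `\:` is unnecessary; write `qr/SRC:\s+192\.168\.10\.55/` so it matches the literal address. The enclosing test-case array begins and ends outside this hunk.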
