
added IPv4 ICMP type/code validation test

1 parent 1a2761f commit b27fe06d1f159d378ae9192134425d24c087eb20 @mrash committed Mar 23, 2012
Showing with 21 additions and 0 deletions.
  1. +6 −0 test/scans/iptables/invalid_icmp_type_code
  2. +15 −0 test/test-psad.pl
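--- a/test/scans/iptables/invalid_icmp_type_code
+++ b/test/scans/iptables/invalid_icmp_type_code
@@ -0,0 +1,6 @@
+Mar 23 21:29:27 minastirith kernel: [1503546.179768] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=18443 PROTO=ICMP TYPE=8 CODE=2 ID=2158 SEQ=512
+Mar 23 21:29:28 minastirith kernel: [1503547.179937] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=59523 PROTO=ICMP TYPE=8 CODE=2 ID=2158 SEQ=768
+Mar 23 21:29:29 minastirith kernel: [1503548.180078] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=25427 PROTO=ICMP TYPE=8 CODE=2 ID=2158 SEQ=1024
+Mar 23 21:29:30 minastirith kernel: [1503549.180231] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=43658 PROTO=ICMP TYPE=8 CODE=2 ID=2158 SEQ=1280
+Mar 23 21:29:31 minastirith kernel: [1503550.180389] ICMP IN=eth0 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=28135 PROTO=ICMP TYPE=8 CODE=2 ID=2158 SEQ=1536
+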
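Review bot: Every line in this fixture carries the same combination, a known type (TYPE=8, echo request) with a code that is out of range for it (CODE=2), so the test only exercises the "valid type, invalid code" path of the validator. A second sample with an undefined type value (for example TYPE=200 CODE=0 from the same SRC) would also cover the "invalid type" path, and both are what a scanner probing for ICMP handling quirks would send. Consider adding such a line here, or a sibling fixture, so a regression that only breaks type validation is still caught.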
15 test/test-psad.pl
@@ -20,6 +20,7 @@
my $ipv6_connect_scan_file = 'ipv6_tcp_connect_nmap_default_scan';
my $ipv6_ping_scan_file = 'ipv6_ping_scan';
my $ipv6_invalid_icmp6_type_code_file = 'ipv6_invalid_icmp6_type_code';
+my $ipv4_invalid_icmp6_type_code_file = 'invalid_icmp_type_code';
my $ignore_ipv4_auto_dl_file = "$conf_dir/auto_dl_ignore_192.168.10.55";
my $ignore_ipv4_subnet_auto_dl_file = "$conf_dir/auto_dl_ignore_192.168.10.0_24";
my $ignore_ipv6_addr_auto_dl_file = "$conf_dir/auto_dl_ignore_ipv6_addr";
@@ -529,6 +530,20 @@
'exec_err' => $NO,
'fatal' => $NO
},
+ {
+ 'category' => 'operations',
+ 'detail' => 'IPv4 invalid ICMP type/code detection',
+ 'err_msg' => 'did not generate detection event',
+ 'positive_output_matches' => [
+ qr/Invalid\sICMP/,
+ qr/SRC\:\s+192.168.10.55/],
+ 'match_all' => $MATCH_ALL_RE,
+ 'function' => \&generic_exec,
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
+ &fw_type() . "/$ipv4_invalid_icmp6_type_code_file -c $default_conf",
+ 'exec_err' => $NO,
+ 'fatal' => $NO
+ },
{
'category' => 'operations',
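Review bot: The new variable on the `my $ipv4_invalid_icmp6_type_code_file = 'invalid_icmp_type_code';` line is misnamed: it holds the IPv4 ICMP fixture but says `icmp6`, copied from the IPv6 name directly above, which will mislead anyone grepping for the IPv6 test. Rename it to `my $ipv4_invalid_icmp_type_code_file = 'invalid_icmp_type_code';` and update the sole use in the `cmdline` string to `"/$ipv4_invalid_icmp_type_code_file -c $default_conf"`. In the same test entry, `qr/SRC\:\s+192.168.10.55/` leaves the dots unescaped; `qr/SRC\:\s+192\.168\.10\.55/` pins the exact address, and a third pattern such as `qr/TYPE\:\s+8.*CODE\:\s+2/` (if psad's output prints them in that form, which cannot be confirmed from this hunk) would tie the detection to the specific invalid type/code rather than any "Invalid ICMP" message. The test-list array this entry lives in starts and ends outside the hunk.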
