ID | Project | Category | View Status | Date Submitted | Last Update | |||
0000541 | PacketFence | IDS | public | 2009-01-21 11:54 | 2012-06-14 12:23 | |||
Reporter | aarchi10 | |||||||
Assigned To | fgaudreault | |||||||
Priority | normal | Severity | feature | Reproducibility | always | |||
Status | closed | Resolution | won't fix | |||||
Platform | OS | OS Version | ||||||
Product Version | ||||||||
Target Version | Fixed in Version | |||||||
Summary | 0000541: pfdetect_remote only validates source IPs but not destination IPs | |||||||
Description | It should validate destination IPs too and send the good IP to PF. | |||||||
Tags | No tags attached. | |||||||
fixed in git revision | ||||||||
fixed in mtn revision | ||||||||
Attached Files | ||||||||
Notes | |
(0001025) user4 2009-01-21 19:33 |
We probably do not want to systematically send alerts for destination IPs. Simply imagine the case where a node does a host scan. We want to isolate the source node, but surely not all the destination IPs; otherwise we'll possibly isolate the whole subnet. So, my suggestion would be to introduce a new DetectDest keyword: Detect::... isolates the source IP, DetectDest:: isolates the destination IP of the Snort alert. What do you think? |
(0002406) fgaudreault (viewer) 2011-10-31 10:32 |
pfdetect_remote doesn't care about the IP; it only relays the alert to PF. Checking destination IP is not a valid scenario to me; we do not want to isolate someone that is a victim. Re-open if you see a better use case. |
Issue History | |||
Date Modified | Username | Field | Change |
2009-01-21 11:54 | rbalzard | New Issue | |
2009-01-21 13:35 | user4 | Status | new => assigned |
2009-01-21 13:35 | user4 | Assigned To | => user4 |
2009-01-21 19:33 | user4 | Note Added: 0001025 | |
2009-01-21 19:33 | user4 | Assigned To | user4 => rbalzard |
2009-01-21 19:33 | user4 | Status | assigned => feedback |
2009-01-26 09:03 | user4 | Category | 1.8.0 => 1.8.1 |
2009-01-26 09:04 | user4 | Severity | minor => feature |
2009-03-03 15:22 | user4 | Category | 1.8.1 => 1.8.2 |
2009-04-13 13:39 | user4 | Category | 1.8.2 => 1.8.3 |
2009-06-05 08:52 | user4 | Project | PacketFence => PacketFence 1.9 |
2010-04-15 17:43 | obilodeau | Project | PacketFence 1.9 => PacketFence |
2011-01-18 11:41 | obilodeau | Target Version | => 2.1.0 |
2011-03-03 15:15 | obilodeau | Target Version | 2.1.0 => +1 |
2011-03-03 15:18 | obilodeau | Target Version | +1 => +2 |
2011-03-07 11:07 | obilodeau | Reporter | rbalzard => aarchi10 |
2011-03-07 11:07 | obilodeau | Assigned To | rbalzard => |
2011-03-07 11:07 | obilodeau | Category | => IDS |
2011-10-31 10:32 | fgaudreault | Note Added: 0002406 | |
2011-10-31 10:32 | fgaudreault | Status | feedback => resolved |
2011-10-31 10:32 | fgaudreault | Resolution | open => won't fix |
2011-10-31 10:32 | fgaudreault | Assigned To | => fgaudreault |
2011-12-30 23:48 | obilodeau | Target Version | +2 => |
2012-06-14 12:23 | obilodeau | Status | resolved => closed |