
Author Topic: Suricata & IPv6 Alerts  (Read 204 times)


newUser2pfSense
Suricata & IPv6 Alerts
« on: February 06, 2018, 04:37:32 pm »
I've installed and configured Suricata with no issues; currently only using it on the WAN.  For blocking, I'm using the Inline IPS Mode; it seems to be working so far.  In System / Advanced / Networking, I've unchecked Allow IPv6.

From the Suricata WAN Categories/Rules I've enabled, when I look at the Suricata Alerts, I see a lot of IPv6 addresses in the Src and Dst columns.  They seem to stem from entries in the decoder-events.rules:
SURICATA zero length padN option
SURICATA ICMPv6 unknown code
Sport 131 and 132 are used.

I've configured both entries for Rule action is drop.

Nevertheless, I thought I disabled IPv6.  I have no devices on my network configured for IPv6.  Any suggestions as to why I'm seeing these IPv6 addresses in the Src and Dst columns of the Suricata Alerts section?  Thanks.