Experts,
Requirement is to trigger ICMP large signature of payload length is more
than 1500. My solution was to configure ip-payload-length from 1501 to
65535.
ip-payload-length 1501-65535
signatures 2151 0
alert-severity high
engine atomic-ip
specify-ip-payload-length yes
But when I tested the configs signature was triggered only when I sent ping
with size of 1521. I configured it to be "ip-payload-length 1481-65535" and
then it was working as per the requirement.
Please help me to understand why signature was not triggered with 1501 as
minimum payload configured.
Thanks,
Ajay..
Blogs and organic groups at http://www.ccie.net
Received on Tue Jul 14 2009 - 15:46:25 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:22 ART