From: Pierre Chifflier
Date: Mon, 4 Mar 2019 17:45:38 +0000 (+0100)
Subject: rules: fix event names for ikev2 (weak authentication and DH parameters)
X-Git-Tag: suricata-5.0.0-beta1~157
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=27b0775d279da00ab563e6335c2664da8e349e1f;p=thirdparty%2Fsuricata.git

rules: fix event names for ikev2 (weak authentication and DH parameters)
---
diff --git a/rules/ipsec-events.rules b/rules/ipsec-events.rules
index be5c30d1d8..07fc4c46d3 100644
--- a/rules/ipsec-events.rules
+++ b/rules/ipsec-events.rules
@@ -8,8 +8,8 @@ alert ikev2 any any -> any any (msg:"SURICATA IKEv2 malformed request data"; flo
 alert ikev2 any any -> any any (msg:"SURICATA IKEv2 malformed response data"; flow:to_client; app-layer-event:ikev2.malformed_data; classtype:protocol-command-decode; sid:2224001; rev:1;)
 alert ikev2 any any -> any any (msg:"SURICATA IKEv2 weak cryptographic parameters (Encryption)"; flow:to_client; app-layer-event:ikev2.weak_crypto_enc; classtype:protocol-command-decode; sid:2224002; rev:1;)
 alert ikev2 any any -> any any (msg:"SURICATA IKEv2 weak cryptographic parameters (PRF)"; flow:to_client; app-layer-event:ikev2.weak_crypto_prf; classtype:protocol-command-decode; sid:2224003; rev:1;)
-alert ikev2 any any -> any any (msg:"SURICATA IKEv2 weak cryptographic parameters (Auth)"; flow:to_client; app-layer-event:ikev2.weak_crypto_prf; classtype:protocol-command-decode; sid:2224004; rev:1;)
-alert ikev2 any any -> any any (msg:"SURICATA IKEv2 weak cryptographic parameters (Diffie-Hellman)"; flow:to_client; app-layer-event:ikev2.weak_crypto_prf; classtype:protocol-command-decode; sid:2224005; rev:1;)
+alert ikev2 any any -> any any (msg:"SURICATA IKEv2 weak cryptographic parameters (Auth)"; flow:to_client; app-layer-event:ikev2.weak_crypto_auth; classtype:protocol-command-decode; sid:2224004; rev:2;)
+alert ikev2 any any -> any any (msg:"SURICATA IKEv2 weak cryptographic parameters (Diffie-Hellman)"; flow:to_client; app-layer-event:ikev2.weak_crypto_dh; classtype:protocol-command-decode; sid:2224005; rev:2;)
 alert ikev2 any any -> any any (msg:"SURICATA IKEv2 no Diffie-Hellman exchange parameters"; flow:to_client; app-layer-event:ikev2.weak_crypto_nodh; classtype:protocol-command-decode; sid:2224006; rev:1;)
 alert ikev2 any any -> any any (msg:"SURICATA IKEv2 no authentication"; flow:to_client; app-layer-event:ikev2.weak_crypto_noauth; classtype:protocol-command-decode; sid:2224007; rev:1;)
 alert ikev2 any any -> any any (msg:"SURICATA IKEv2 no encryption (AH)"; flow:to_client; app-layer-event:ikev2.no_encryption; classtype:protocol-command-decode; sid:2224008; rev:1;)
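Review bot: The corrected rules sid:2224004 and sid:2224005 leave no record in the file that their rev:1 form matched `ikev2.weak_crypto_prf`, so an analyst reading older alert data for these sids cannot tell that those hits duplicated the PRF rule (sid:2224003) and said nothing about Auth or Diffie-Hellman strength. A comment above the pair would preserve that, for example `# rev:1 of sid 2224004/2224005 matched ikev2.weak_crypto_prf by mistake; rev:1 alerts indicate a weak PRF only`. The error was presumably invisible at rule-load time because the mistyped name is itself a valid event (it is used by sid:2224003). A regression test that replays a handshake selecting weak Auth and DH transforms and expects these two sids would catch a repeat; no such test is visible on this page.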