Since updating from 9.003-16 to 9.004-33 yesterday, I've started receiving a bunch of intrusion protection alerts for rules 459, 460, and 461. These rules warn about ICMP Type 1 and Type 2 packets, and the alerts are all being triggered by IPv6 traffic.
Now ICMP Types 1 and 2 are indeed reserved under IPv4, but they're perfectly valid under ICMPv6, being "Destination unreachable" and "Packet too big" respectively. ICMPv6 - Wikipedia, the free encyclopedia
So it seems that since the update, Snort is incorrectly applying IPv4 rules to IPv6 traffic. I've disabled those three rules for now, but I would welcome any insight into the best course of action.
Now ICMP Types 1 and 2 are indeed reserved under IPv4, but they're perfectly valid under ICMPv6, being "Destination unreachable" and "Packet too big" respectively. ICMPv6 - Wikipedia, the free encyclopedia
So it seems that since the update, Snort is incorrectly applying IPv4 rules to IPv6 traffic. I've disabled those three rules for now, but I would welcome any insight into the best course of action.