Anyone know what the following alert means? SURICATA HTTP Request unrecognized authorization method
-
The destination IP is an IPv6 address that resolves to
g2600-1307-bc00-018f0000-0000-26e7.deploy.static.akamaitechnologies.com
Does anyone know the nature behind this alert?
The source IPv6 address isn't in my NDP table, so I'm unsure which device triggered it. Is there a way to find this out? From my understanding, devices also use temporary IPv6 addresses, so could this be the reason?
-
@code4food23 This alert is generated when "Basic" or some unrecognized authentication method is specified in the header. I see this a lot with Verizon devices when they try to call home to mamma (Verizon) or papa (i.e., Apple). I've read a lot of comments from people who consider it to be a false positive, and I've suppressed that rule because it annoys me. But tbh, I'd like an option to suppress only /reporting/ of a block or alert for certain rules and not the block or alert itself, but requests like that may be why some developers hate my guts.
-
@eveningstarnm Thanks a lot for your feedback!
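
For the question of which device raised the alert, here is an added example (not from any poster in this thread) that groups the alert by source address and collects the HTTP hostname and User-Agent, which often identify a device even when it uses a temporary IPv6 address. It assumes Suricata's EVE JSON output is enabled and that alert records carry the `http` metadata block; the sample records and the `summarize` helper are constructed for illustration.

```python
import json
from collections import defaultdict

SIGNATURE = "SURICATA HTTP Request unrecognized authorization method"

# Constructed EVE lines using documentation-range addresses, not real traffic.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"2001:db8:1::a1","dest_ip":"2001:db8:ffff::26e7","alert":{"signature":"SURICATA HTTP Request unrecognized authorization method"},"http":{"hostname":"updates.example.com","http_user_agent":"ExampleOS-Updater/1.0"}}
{"event_type":"alert","src_ip":"2001:db8:1::a1","dest_ip":"2001:db8:ffff::26e7","alert":{"signature":"SURICATA HTTP Request unrecognized authorization method"},"http":{"hostname":"updates.example.com","http_user_agent":"ExampleOS-Updater/1.0"}}
{"event_type":"alert","src_ip":"2001:db8:1::b2","dest_ip":"2001:db8:ffff::26e7","alert":{"signature":"SURICATA HTTP Request unrecognized authorization method"},"http":{"hostname":"telemetry.example.net","http_user_agent":"ExampleTV/2.3"}}
{"event_type":"alert","src_ip":"2001:db8:1::c3","dest_ip":"2001:db8:ffff::1","alert":{"signature":"Some other rule"},"http":{"hostname":"other.example.org"}}
{"event_type":"http","src_ip":"2001:db8:1::a1","http":{"hostname":"updates.example.com"}}
{"event_type":"alert","src_ip":"2001:db8:1::d4","alert":{"signa
"""


def summarize(lines, signature=SIGNATURE):
    """Group alerts matching `signature` by source IP.

    Returns {src_ip: {"count": int, "hosts": set, "agents": set}}.
    """
    out = defaultdict(lambda: {"count": 0, "hosts": set(), "agents": set()})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a truncated record, e.g. a line cut off by log rotation
        if ev.get("event_type") != "alert":
            continue
        if ev.get("alert", {}).get("signature") != signature:
            continue
        http = ev.get("http", {})  # absent if HTTP metadata is not logged with alerts
        entry = out[ev.get("src_ip", "unknown")]
        entry["count"] += 1
        if "hostname" in http:
            entry["hosts"].add(http["hostname"])
        if "http_user_agent" in http:
            entry["agents"].add(http["http_user_agent"])
    return dict(out)


if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_EVE.splitlines()).items()):
        print(src, info["count"], sorted(info["hosts"]), sorted(info["agents"]))
```

To run it against a live sensor, pass the lines of the interface's `eve.json` file to `summarize` instead of the sample.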