modbus: disable by default

pull/1784/head
Jason Ish 9 years ago committed by Victor Julien
parent 538f37bd38
commit d87a60f3cc

@ -1427,21 +1427,13 @@ void RegisterModbusParsers(void)
STREAM_TOSERVER,
ModbusProbingParser);
} else {
/* if we have no config, we enable the default port 502 */
/* If there is no app-layer section for Modbus, silently
* leave it disabled. */
if (!AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
proto_name, ALPROTO_MODBUS,
0, sizeof(ModbusHeader),
ModbusProbingParser)) {
SCLogWarning(SC_ERR_MODBUS_CONFIG, "no Modbus TCP config found, "
"enabling Modbus detection on "
"port 502.");
AppLayerProtoDetectPPRegister(IPPROTO_TCP,
"502",
ALPROTO_MODBUS,
0, sizeof(ModbusHeader),
STREAM_TOSERVER,
ModbusProbingParser);
return;
}
}
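Review bot: The new `return;` inside the `!AppLayerProtoDetectPPParseConfPorts(...)` branch turns a missing port configuration into a silent loss of Modbus inspection, because the removed `SCLogWarning` was the only signal and nothing replaces it. On a sensor watching ICS traffic, an upgrade that keeps an older config without Modbus `detection-ports` would stop parsing port 502 with no trace in the log. I would keep one low-severity line before the return, for example `SCLogInfo("no Modbus TCP detection ports configured, Modbus parser disabled");`. The `return` also leaves `RegisterModbusParsers` before whatever registration follows this block; the function starts and ends outside the hunk, so please confirm that skipping the rest is intended and that nothing registered earlier is left half-configured.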

@ -1171,7 +1171,7 @@ rule-files:
- smtp-events.rules # available in suricata sources under rules dir
- dns-events.rules # available in suricata sources under rules dir
- tls-events.rules # available in suricata sources under rules dir
- modbus-events.rules # available in suricata sources under rules dir
# - modbus-events.rules # available in suricata sources under rules dir
- app-layer-events.rules # available in suricata sources under rules dir
classification-file: @e_sysconfdir@classification.config
@ -1350,7 +1350,7 @@ app-layer:
# If the limit is reached, app-layer-event:modbus.flooded; will match.
#request-flood: 500
enabled: yes
enabled: no
detection-ports:
dp: 502
# According to MODBUS Messaging on TCP/IP Implementation Guide V1.0b, it
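Review bot: Commenting out `modbus-events.rules` under `rule-files` and setting `enabled: no` under `app-layer` creates two separate switches, and nothing in the file ties them together. Someone who re-enables the parser but misses the rule file gets Modbus decoding without the parser event alerts, including the `app-layer-event:modbus.flooded` case described in the comment just above. A comment above `enabled: no` would cover it, e.g. `# Disabled by default. When enabling, also uncomment modbus-events.rules in rule-files.`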
