Commit Graph

8 Commits (15c4eb3d16b114610edf31f86f68ca2a093f81cf)

Author SHA1 Message Date
Jason Ish c98c49d4ba dns: parse and alert on invalid opcodes
Accept DNS messages with an invalid opcode that are otherwise
valid. Such DNS messages will create a parser event.

This is a change of behavior, previously an invalid opcode would cause
the DNS message to not be detected or parsed as DNS.

Issue: #5444
2 years ago
Jason Ish ca5a3f0f04 dns: cleanup: remove unused events
Removed events that are no longer used since the Rust
implementation of DNS:
- UnsolicitedResponse
- StateMemCapReached
- Flooded
5 years ago
Andreas Herz 2aad2d605d rules: add missing classtypes for event.rules 7 years ago
Jason Ish b9ba792279 dns-events: fix direction of malformed events + typo 8 years ago
Victor Julien df10559d80 dns: fix message of decoder rule 2240008
The message now reflects that the rule matches on:
    app-layer-event:dns.state_memcap_reached;
11 years ago
Victor Julien 657b83d238 dns: add event for when memcap is reached
Raise event if state-memcap is reached for a flow.
11 years ago
Victor Julien 61cdd9be6b dns: detect case of request flooding
In the case where DNS requests are sent over the same flow w/o a
reply being received, we now set an event in the flow and refuse
to add more transactions to the state. This protects the DNS
handling from getting overloaded slowing down everything.

A new option to configure this behaviour was added:

app-layer:
  protocols:
    dnsudp:
      enabled: yes
      detection-ports:
        udp:
          toserver: 53
      request-flood: 750

The request-flood parameter can be 0 (disabling this feature) or a
positive integer. It defaults to 500.

This means that if 500 unreplied requests are seen in a row an event
is set. Rule 2240007 was added to dns-events.rules to match on this.
11 years ago
Victor Julien 6229bfab5e DNS: rename dns.rules to dns-events.rules, include it in yaml 11 years ago