Commit Graph

10 Commits (6bccd5aa30c03debc92c1e910d5f0dd1c6a9cc58)

Author SHA1 Message Date
Jason Ish 2b1bbd08a3 rules/tls: sync with changes to the TLS events
Sync rules with event changes in commit
01aef49cbd.
5 years ago
Mats Klepsland 10c93221fa tls: increase max number of tls records per packet
Tls packets may contain several records. This increase the number
of allowed records per packet from 30 to 255, and adds a new and
more informative decoder event when this limit is reached.
9 years ago
Mats Klepsland 7c36b11a84 rules: add rule for HANDSHAKE_INVALID_LENGTH event 9 years ago
Mats Klepsland 33fd710367 rules: add rules for TLS SNI app layer events 10 years ago
Victor Julien db563ed4b0 tls: check SSL3/TLS version per record
Set event if SSL3/TLS record isn't within the acceptable range.
12 years ago
Victor Julien c5f43785f1 tls/heartbleed: add rule for invalid encrypted hb
Add rule to tls-events.rules to match on the invalid encrypted
heartbeat.
12 years ago
Pierre Chifflier d476c654ee TLS: add detection for malicious heartbeats (AKA heartbleed)
The OpenSSL implementation of RFC 6520 (Heartbeat extension) does not
check the payload length correctly, resulting in a copy of at most 64k
of memory from the server (ref: CVE-2014-0160).
This patch adds support for decoding heartbeat messages (if not
encrypted), and checking several parts (type, length and padding).
When an anomaly is detected, a TLS event is raised.
12 years ago
Anoop Saldanha cd7f0273a2 Add decoder event rule for tls event "invalid_ssl_record", which will now be available "app-layer-event:tls.invalid_ssl_record". 12 years ago
Victor Julien e3764b90c3 tls: debug compilation fixes, new tls decoder rule for tls.error_message_encountered event. 14 years ago
Victor Julien e624c56c83 Add TLS decoder event rule file. 14 years ago