You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

History

Philippe Antoine c1b7befb18 smb: checks against nbss records length When Suricata handles files over SMB, it does not wait for the NBSS record to be complete, and can stream the payload to the file... But it did not check the consistency of the SMB record length being read or written against the NBSS record length. This could lead to an evasion where an attacker crafts a SMB write with a too big Length field, and then sends its evil payload, even if the server returned an error for the write request. Ticket: #5770		3 years ago
..
Makefile.am	ftp: add events for command too long	3 years ago
README.md	rules/readme: document sid ranges in source tree	3 years ago
app-layer-events.rules	app-layer: protocol change API	9 years ago
decoder-events.rules	decoder: mention removal of udp.hlen_invalid sig	3 years ago
dhcp-events.rules	dhcp: add dhcp app-layer rules file	7 years ago
dnp3-events.rules	rules: add missing classtypes for event.rules	9 years ago
dns-events.rules	dns: parse and alert on invalid opcodes	3 years ago
files.rules	rules: fix files.rules typo	6 years ago
ftp-events.rules	ftp: add events for command too long	3 years ago
http-events.rules	protocol-change: sets event in case of failure	3 years ago
http2-events.rules	http2: limits the number of active transactions per flow	4 years ago
ipsec-events.rules	ike: set event for multiple server proposals	5 years ago
kerberos-events.rules	Kerberos 5: rename weak crypto to weak encryption, and log it	7 years ago
modbus-events.rules	rules: add missing classtypes for event.rules	9 years ago
mqtt-events.rules	mqtt: raise event on parse error	4 years ago
nfs-events.rules	nfs: limits the number of active transactions per flow	4 years ago
ntp-events.rules	Add event rules for NTP events	8 years ago
quic-events.rules	quic: events and rules on them	3 years ago
smb-events.rules	smb: checks against nbss records length	3 years ago
smtp-events.rules	protocol-change: sets event in case of failure	3 years ago
ssh-events.rules	rules: add SSH decoder events rules	6 years ago
stream-events.rules	stream/rules: disable depth rule by default	3 years ago
tls-events.rules	rules/tls: sync with changes to the TLS events	5 years ago

README.md

Suricata Reserved SID Allocations

Unless otherwise noted, each component or protocol is allocated 1000 signature IDs.

Components

Component	Start	End
Decoder	2200000	2200999
Stream	2210000	2210999
Generic App-Layer	2260000	2260999

App-Layer Protocols

Protocol	Start	End
SMTP	2220000	2220999
HTTP	2221000	2221999
NTP	2222000	2222999
NFS	2223000	2223999
IPsec	2224000	2224999
SMB	2225000	2225999
Kerberos	2226000	2226999
DHCP	2227000	2227999
SSH	2228000	2228999
MQTT	2229000	2229999
TLS	2230000	2230999
QUIC	2231000	2231999
FTP	2232000	2232999
DNS	2240000	2240999
MODBUS	2250000	2250999
DNP3	2270000	2270999
HTTP2	2290000	2290999