You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

History

Sascha Steinbiss 1f8a5874fb rfb: never return error on unknown traffic We only try to parse a small subset of what is possible in RFB. Currently we only understand some standard auth schemes and stop parsing when the server-client handshake is complete. Since in IPS mode returning an error from the parser causes drops that are likely uncalled for, we do not want to return errors when we simply do not understand what happens in the traffic. This addresses Redmine #5912. Bug: #5912.		1 year ago
..
Makefile.am	rfb: never return error on unknown traffic	1 year ago
README.md	rules/readme: document sid ranges in source tree	2 years ago
app-layer-events.rules	app-layer: protocol change API	8 years ago
decoder-events.rules	rules: spelling	1 year ago
dhcp-events.rules	dhcp: add dhcp app-layer rules file	6 years ago
dnp3-events.rules	rules: add missing classtypes for event.rules	7 years ago
dns-events.rules	dns: parse and alert on invalid opcodes	2 years ago
files.rules	rules: spelling	1 year ago
ftp-events.rules	ftp: add events for command too long	2 years ago
http-events.rules	http: event on chunk extension	1 year ago
http2-events.rules	http2: limits the number of active transactions per flow	3 years ago
ipsec-events.rules	ike: set event for multiple server proposals	4 years ago
kerberos-events.rules	Kerberos 5: rename weak crypto to weak encryption, and log it	6 years ago
modbus-events.rules	rules: spelling	1 year ago
mqtt-events.rules	mqtt: raise event on parse error	3 years ago
nfs-events.rules	nfs: limits the number of active transactions per flow	3 years ago
ntp-events.rules	Add event rules for NTP events	7 years ago
quic-events.rules	quic: events and rules on them	2 years ago
rfb-events.rules	rfb: never return error on unknown traffic	1 year ago
smb-events.rules	smb: checks against nbss records length	2 years ago
smtp-events.rules	protocol-change: sets event in case of failure	2 years ago
ssh-events.rules	rules: add SSH decoder events rules	4 years ago
stream-events.rules	stream: accept and flag ack of ZWP data	2 years ago
tls-events.rules	rules/tls: sync with changes to the TLS events	4 years ago

README.md

Suricata Reserved SID Allocations

Unless otherwise noted, each component or protocol is allocated 1000 signature IDs.

Components

Component	Start	End
Decoder	2200000	2200999
Stream	2210000	2210999
Generic App-Layer	2260000	2260999

App-Layer Protocols

Protocol	Start	End
SMTP	2220000	2220999
HTTP	2221000	2221999
NTP	2222000	2222999
NFS	2223000	2223999
IPsec	2224000	2224999
SMB	2225000	2225999
Kerberos	2226000	2226999
DHCP	2227000	2227999
SSH	2228000	2228999
MQTT	2229000	2229999
TLS	2230000	2230999
QUIC	2231000	2231999
FTP	2232000	2232999
DNS	2240000	2240999
MODBUS	2250000	2250999
DNP3	2270000	2270999
HTTP2	2290000	2290999