suricata

You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

History

Philippe Antoine 6cb6225b28 tcp: rejects FIN+SYN packets as invalid Ticket: #4569 If a FIN+SYN packet is sent, the destination may keep the connection alive instead of starting to close it. In this case, a later SYN packet will be ignored by the destination. Previously, Suricata considered this a session reuse, and thus used the sequence number of the last SYN packet, instead of using the one of the live connection, leading to evasion. This commit errors on FIN+SYN so that they do not get processed as regular FIN packets.		3 years ago
..
Makefile.am	rules: add newer rule files to makefile for release tarball	4 years ago
app-layer-events.rules	…
decoder-events.rules	ipv6: decoder event on invalid length	4 years ago
dhcp-events.rules	dhcp: add dhcp app-layer rules file	7 years ago
dnp3-events.rules	…
dns-events.rules	dns: cleanup: remove unused events	5 years ago
files.rules	rules: fix files.rules typo	5 years ago
http-events.rules	http/range: reassemble files from different flows with range	3 years ago
http2-events.rules	http2: follow range requests	3 years ago
ipsec-events.rules	ike: set event for multiple server proposals	4 years ago
kerberos-events.rules	…
modbus-events.rules	…
mqtt-events.rules	rules/mqtt: renumber mqtt events to avoid conflict with ssh	4 years ago
nfs-events.rules	…
ntp-events.rules	…
smb-events.rules	smb: adds file overlap event against evasions	4 years ago
smtp-events.rules	smtp/mime: Set event when name exceeds limit	5 years ago
ssh-events.rules	rules: add SSH decoder events rules	5 years ago
stream-events.rules	tcp: rejects FIN+SYN packets as invalid	3 years ago
tls-events.rules	rules/tls: sync with changes to the TLS events	5 years ago