aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

stream/rules: disable depth rule by default

Browse Source
pull/7966/head
Victor Julien 3 years ago
parent aeb690317a
commit 2bc5c46158
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File

4
rules/stream-events.rules
Unescape Escape View File

@ -98,6 +98,8 @@ alert tcp any any -> any any (msg:"SURICATA STREAM FIN SYN reuse"; stream-event:
# Disabled by default as this quite common and not malicious. # Disabled by default as this quite common and not malicious.
#alert tcp any any -> any any (msg:"SURICATA STREAM spurious retransmission"; stream-event:pkt_spurious_retransmission; classtype:protocol-command-decode; sid:2210061; rev:1;) #alert tcp any any -> any any (msg:"SURICATA STREAM spurious retransmission"; stream-event:pkt_spurious_retransmission; classtype:protocol-command-decode; sid:2210061; rev:1;)
alert tcp any any -> any any (msg:"SURICATA STREAM reassembly depth reached"; stream-event:reassembly_depth_reached; classtype:protocol-command-decode; sid:2210062; rev:1;) # Depth setting reached for a stream. Very common in normal traffic, so disable by default.
#alert tcp any any -> any any (msg:"SURICATA STREAM reassembly depth reached"; stream-event:reassembly_depth_reached; classtype:protocol-command-decode; sid:2210062; rev:1;)
# next sid 2210063 # next sid 2210063

Write Preview
Loading…
Cancel
Save