Add event rules for NTP events

pull/2814/head
Pierre Chifflier 8 years ago committed by Victor Julien
parent 8a0549c42e
commit 79ed8c2dd3

@ -8,4 +8,5 @@ tls-events.rules \
modbus-events.rules \
app-layer-events.rules \
files.rules \
dnp3-events.rules
dnp3-events.rules \
ntp-events.rules

@ -0,0 +1,8 @@
# NTP app layer event rules
#
# SID's fall in the 2222000+ range. See https://redmine.openinfosecfoundation.org/projects/suricata/wiki/AppLayer
#
# These sigs fire at most once per connection.
#
alert ntp any any -> any any (msg:"SURICATA NTP malformed request data"; flow:to_server; app-layer-event:ntp.malformed_data; classtype:protocol-command-decode; sid:2222000; rev:1;)
alert ntp any any -> any any (msg:"SURICATA NTP malformed response data"; flow:to_client; app-layer-event:ntp.malformed_data; classtype:protocol-command-decode; sid:2222001; rev:1;)
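Review bot: The header comment `# These sigs fire at most once per connection.` is not backed by anything visible in the two rules: neither sid:2222000 nor sid:2222001 carries a `threshold`, `flowbits` or `flowint` guard. If the NTP parser raises `ntp.malformed_data` per message rather than per flow (not visible from this page), a single UDP flow carrying many malformed packets could alert on each one and flood the event log. Either reword the comment to describe what the rules actually do, for example `# These sigs can fire once per malformed NTP message; rate-limit via threshold.config if needed.`, or add an explicit limit to each rule such as `threshold:type limit, track by_src, count 1, seconds 60;`.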