You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
suricata/rules
Philippe Antoine 392b6aee29 http1: limit the number of compression bombs per flow
Ticket: 8694

Otherwise, a flow full of small compression bombs is too slow
to process.

When the threshold is reached, decompression is skipped for the
rest of the flow.
3 days ago
..
Makefile.am rules: add sip-events.rules 4 weeks ago
README.md rules: add sip-events.rules 4 weeks ago
app-layer-events.rules rules: SID allocation range is now documented in README.md 2 months ago
bittorrent-events.rules rules: SID allocation range is now documented in README.md 2 months ago
decoder-events.rules rules: SID allocation range is now documented in README.md 2 months ago
dhcp-events.rules rules: SID allocation range is now documented in README.md 2 months ago
dnp3-events.rules dnp3: bounds reassembly 2 months ago
dns-events.rules dns: improved handling of corrupt additionals 2 years ago
enip-events.rules rules: SID allocation range is now documented in README.md 2 months ago
files.rules rules: spelling 3 years ago
ftp-events.rules ftp: do not error the flow on file before port 3 weeks ago
http-events.rules http1: limit the number of compression bombs per flow 3 days ago
http2-events.rules http2: protection against decompression bombs 2 months ago
ipsec-events.rules rules: SID allocation range is now documented in README.md 2 months ago
kerberos-events.rules rules: SID allocation range is now documented in README.md 2 months ago
ldap-events.rules ldap: bound the number of responses 2 months ago
mdns-events.rules rules: add mdns rules 1 year ago
modbus-events.rules rules/modbus: remove rule for event that not longer exists 2 years ago
mqtt-events.rules mqtt: bounds number of messages per tx 3 days ago
nfs-events.rules rules: SID allocation range is now documented in README.md 2 months ago
ntp-events.rules rules: SID allocation range is now documented in README.md 2 months ago
pgsql-events.rules pgsql: add events 1 year ago
pop3-events.rules rules: SID allocation range is now documented in README.md 2 months ago
quic-events.rules rules: SID allocation range is now documented in README.md 2 months ago
rfb-events.rules rules: SID allocation range is now documented in README.md 2 months ago
sctp-events.rules decoder/sctp: extend decoder 4 weeks ago
sip-events.rules rules: add sip-events.rules 4 weeks ago
smb-events.rules rules: SID allocation range is now documented in README.md 2 months ago
smtp-events.rules rules: SID allocation range is now documented in README.md 2 months ago
snmp-events.rules rules: SID allocation range is now documented in README.md 2 months ago
ssh-events.rules rules: SID allocation range is now documented in README.md 2 months ago
stream-events.rules rules: SID allocation range is now documented in README.md 2 months ago
tls-events.rules rules: SID allocation range is now documented in README.md 2 months ago
websocket-events.rules rules: SID allocation range is now documented in README.md 2 months ago

README.md

Suricata Reserved SID Allocations

See https://sidallocation.org/ for more information.

Unless otherwise noted, each component or protocol is allocated 1000 signature IDs.

Components

Component Start End
Decoder 2200000 2200999
Firewall 2201000 2201999
Stream 2210000 2210999
Generic App-Layer 2260000 2260999

App-Layer Protocols

Protocol Start End
SMTP 2220000 2220999
HTTP 2221000 2221999
NTP 2222000 2222999
NFS 2223000 2223999
IPsec 2224000 2224999
SMB 2225000 2225999
Kerberos 2226000 2226999
DHCP 2227000 2227999
SSH 2228000 2228999
MQTT 2229000 2229999
TLS 2230000 2230999
QUIC 2231000 2231999
FTP 2232000 2232999
POP3 2236000 2236999
LDAP 2237000 2237999
SNMP 2238000 2238999
SCTP 2239000 2239999
DNS 2240000 2240999
PGSQL 2241000 2241999
mDNS 2242000 2242999
Bittorent 2243000 2243999
MODBUS 2250000 2250999
DNP3 2270000 2270999
SIP 2280000 2280999
HTTP2 2290000 2290999