You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

History

Philippe Antoine 7bf48b02be http2: protection against decompression bombs Ticket: 8513 During decompression, fail early if we have a big decompression ratio, and enough data. Track this data also during a tx lifetime, and even a flow/state lifetime, so that we set event and fail also if the compression bomb is split over multiple packets		1 week ago
..
Makefile.am	bittorrent: add bittorrent-events.rules file	3 weeks ago
README.md	rules: SID allocation range is now documented in README.md	3 weeks ago
app-layer-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
bittorrent-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
decoder-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
dhcp-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
dnp3-events.rules	dnp3: bounds reassembly	1 week ago
dns-events.rules	dns: improved handling of corrupt additionals	1 year ago
enip-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
files.rules	rules: spelling	3 years ago
ftp-events.rules	ftp: add rule for too many transactions	2 weeks ago
http-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
http2-events.rules	http2: protection against decompression bombs	1 week ago
ipsec-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
kerberos-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
ldap-events.rules	ldap: bound the number of responses	1 week ago
mdns-events.rules	rules: add mdns rules	11 months ago
modbus-events.rules	rules/modbus: remove rule for event that not longer exists	2 years ago
mqtt-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
nfs-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
ntp-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
pgsql-events.rules	pgsql: add events	1 year ago
pop3-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
quic-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
rfb-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
smb-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
smtp-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
snmp-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
ssh-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
stream-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
tls-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago
websocket-events.rules	rules: SID allocation range is now documented in README.md	3 weeks ago

README.md

Suricata Reserved SID Allocations

See https://sidallocation.org/ for more information.

Unless otherwise noted, each component or protocol is allocated 1000 signature IDs.

Components

Component	Start	End
Decoder	2200000	2200999
Stream	2210000	2210999
Generic App-Layer	2260000	2260999

App-Layer Protocols

Protocol	Start	End
SMTP	2220000	2220999
HTTP	2221000	2221999
NTP	2222000	2222999
NFS	2223000	2223999
IPsec	2224000	2224999
SMB	2225000	2225999
Kerberos	2226000	2226999
DHCP	2227000	2227999
SSH	2228000	2228999
MQTT	2229000	2229999
TLS	2230000	2230999
QUIC	2231000	2231999
FTP	2232000	2232999
POP3	2236000	2236999
LDAP	2237000	2237999
SNMP	2238000	2238999
DNS	2240000	2240999
PGSQL	2241000	2241999
mDNS	2242000	2242999
Bittorent	2243000	2243999
MODBUS	2250000	2250999
DNP3	2270000	2270999
HTTP2	2290000	2290999