suricata/rules
Victor Julien 61cdd9be6b dns: detect case of request flooding
In the case where DNS requests are sent over the same flow w/o a
reply being received, we now set an event in the flow and refuse
to add more transactions to the state. This protects the DNS
handling from getting overloaded slowing down everything.

A new option to configure this behaviour was added:

app-layer:
  protocols:
    dnsudp:
       enabled: yes
       detection-ports:
         udp:
           toserver: 53
       request-flood: 750

The request-flood parameter can be 0 (disabling this feature) or a
positive integer. It defaults to 500.

This means that if 500 unreplied requests are seen in a row an event
is set. Rule 2240007 was added to dns-events.rules to match on this.
11 years ago
Makefile.am DNS: rename dns.rules to dns-events.rules, include it in yaml 12 years ago
decoder-events.rules vlan: add rule for new 'too many layers' event 12 years ago
dns-events.rules dns: detect case of request flooding 11 years ago
files.rules file handling: add example files.rules file 13 years ago
http-events.rules http: add new events for invalid host header and host part of uri 12 years ago
smtp-events.rules Add example smtp decoding events rules file. 13 years ago
stream-events.rules stream: handle extra different SYN/ACK 12 years ago
tls-events.rules Add decoder event rule for tls event "invalid_ssl_record", which will now be available "app-layer-event:tls.invalid_ssl_record". 12 years ago