mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
61cdd9be6b
In the case where DNS requests are sent over the same flow w/o a
reply being received, we now set an event in the flow and refuse
to add more transactions to the state. This protects the DNS
handling from getting overloaded slowing down everything.
A new option to configure this behaviour was added:
app-layer:
protocols:
dnsudp:
enabled: yes
detection-ports:
udp:
toserver: 53
request-flood: 750
The request-flood parameter can be 0 (disabling this feature) or a
positive integer. It defaults to 500.
This means that if 500 unreplied requests are seen in a row an event
is set. Rule 2240007 was added to dns-events.rules to match on this.
|
11 years ago | |
|---|---|---|
| .. | ||
| Makefile.am | ||
| decoder-events.rules | ||
| dns-events.rules | 11 years ago | |
| files.rules | ||
| http-events.rules | 11 years ago | |
| smtp-events.rules | ||
| stream-events.rules | ||
| tls-events.rules | ||