mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
More small weird refinements to reduce overload attacks.
This commit is contained in:
Seth Hall
parent
0cdcf490d6
commit
29bace02b2
1 changed files with 7 additions and 7 deletions
|
|
@ -51,7 +51,7 @@ export {
|
||||||
["active_connection_reuse"] = ACTION_LOG,
|
["active_connection_reuse"] = ACTION_LOG,
|
||||||
["bad_HTTP_reply"] = ACTION_LOG,
|
["bad_HTTP_reply"] = ACTION_LOG,
|
||||||
["bad_HTTP_version"] = ACTION_LOG,
|
["bad_HTTP_version"] = ACTION_LOG,
|
||||||
["bad_ICMP_checksum"] = ACTION_LOG,
|
["bad_ICMP_checksum"] = ACTION_LOG_PER_ORIG,
|
||||||
["bad_ident_port"] = ACTION_LOG,
|
["bad_ident_port"] = ACTION_LOG,
|
||||||
["bad_ident_reply"] = ACTION_LOG,
|
["bad_ident_reply"] = ACTION_LOG,
|
||||||
["bad_ident_request"] = ACTION_LOG,
|
["bad_ident_request"] = ACTION_LOG,
|
||||||
|
|
@ -61,12 +61,12 @@ export {
|
||||||
["bad_RPC"] = ACTION_LOG_PER_ORIG,
|
["bad_RPC"] = ACTION_LOG_PER_ORIG,
|
||||||
["bad_RPC_program"] = ACTION_LOG,
|
["bad_RPC_program"] = ACTION_LOG,
|
||||||
["bad_SYN_ack"] = ACTION_LOG,
|
["bad_SYN_ack"] = ACTION_LOG,
|
||||||
["bad_TCP_checksum"] = ACTION_LOG,
|
["bad_TCP_checksum"] = ACTION_LOG_PER_ORIG,
|
||||||
["bad_UDP_checksum"] = ACTION_LOG,
|
["bad_UDP_checksum"] = ACTION_LOG_PER_ORIG,
|
||||||
["baroque_SYN"] = ACTION_LOG,
|
["baroque_SYN"] = ACTION_LOG,
|
||||||
["base64_illegal_encoding"] = ACTION_LOG,
|
["base64_illegal_encoding"] = ACTION_LOG,
|
||||||
["connection_originator_SYN_ack"] = ACTION_LOG_PER_ORIG,
|
["connection_originator_SYN_ack"] = ACTION_LOG_PER_ORIG,
|
||||||
["corrupt_tcp_options"] = ACTION_NOTICE_PER_ORIG,
|
["corrupt_tcp_options"] = ACTION_LOG_PER_ORIG,
|
||||||
["crud_trailing_HTTP_request"] = ACTION_LOG,
|
["crud_trailing_HTTP_request"] = ACTION_LOG,
|
||||||
["data_after_reset"] = ACTION_LOG,
|
["data_after_reset"] = ACTION_LOG,
|
||||||
["data_before_established"] = ACTION_LOG,
|
["data_before_established"] = ACTION_LOG,
|
||||||
|
|
@ -95,7 +95,7 @@ export {
|
||||||
["excessive_RPC_len"] = ACTION_LOG_PER_ORIG,
|
["excessive_RPC_len"] = ACTION_LOG_PER_ORIG,
|
||||||
["FIN_advanced_last_seq"] = ACTION_LOG,
|
["FIN_advanced_last_seq"] = ACTION_LOG,
|
||||||
["FIN_after_reset"] = ACTION_IGNORE,
|
["FIN_after_reset"] = ACTION_IGNORE,
|
||||||
["FIN_storm"] = ACTION_NOTICE,
|
["FIN_storm"] = ACTION_NOTICE_PER_ORIG,
|
||||||
["HTTP_bad_chunk_size"] = ACTION_LOG,
|
["HTTP_bad_chunk_size"] = ACTION_LOG,
|
||||||
["HTTP_chunked_transfer_for_multipart_message"] = ACTION_LOG,
|
["HTTP_chunked_transfer_for_multipart_message"] = ACTION_LOG,
|
||||||
["HTTP_overlapping_messages"] = ACTION_LOG,
|
["HTTP_overlapping_messages"] = ACTION_LOG,
|
||||||
|
|
@ -160,7 +160,7 @@ export {
|
||||||
["RPC_rexmit_inconsistency"] = ACTION_LOG,
|
["RPC_rexmit_inconsistency"] = ACTION_LOG,
|
||||||
["RPC_underflow"] = ACTION_LOG,
|
["RPC_underflow"] = ACTION_LOG,
|
||||||
["RST_storm"] = ACTION_LOG,
|
["RST_storm"] = ACTION_LOG,
|
||||||
["RST_with_data"] = ACTION_LOG, # PC's do this
|
["RST_with_data"] = ACTION_LOG,
|
||||||
["simultaneous_open"] = ACTION_LOG_PER_CONN,
|
["simultaneous_open"] = ACTION_LOG_PER_CONN,
|
||||||
["spontaneous_FIN"] = ACTION_IGNORE,
|
["spontaneous_FIN"] = ACTION_IGNORE,
|
||||||
["spontaneous_RST"] = ACTION_IGNORE,
|
["spontaneous_RST"] = ACTION_IGNORE,
|
||||||
|
|
@ -204,7 +204,7 @@ export {
|
||||||
## These do indeed happen!
|
## These do indeed happen!
|
||||||
["fragment_with_DF"] = ACTION_LOG,
|
["fragment_with_DF"] = ACTION_LOG,
|
||||||
["incompletely_captured_fragment"] = ACTION_LOG,
|
["incompletely_captured_fragment"] = ACTION_LOG,
|
||||||
["bad_IP_checksum"] = ACTION_LOG,
|
["bad_IP_checksum"] = ACTION_LOG_PER_ORIG,
|
||||||
["bad_TCP_header_len"] = ACTION_LOG,
|
["bad_TCP_header_len"] = ACTION_LOG,
|
||||||
["internally_truncated_header"] = ACTION_LOG,
|
["internally_truncated_header"] = ACTION_LOG,
|
||||||
["truncated_IP"] = ACTION_LOG,
|
["truncated_IP"] = ACTION_LOG,
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue