Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

More small weird refinements to reduce overload attacks.

Browse source
This commit is contained in:
Seth Hall 2011-10-21 14:31:40 -04:00
parent 0cdcf490d6
commit 29bace02b2
1 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
scripts/base/frameworks/notice/weird.bro
View file

@ -51,7 +51,7 @@ export {
["active_connection_reuse"] = ACTION_LOG,
["bad_HTTP_reply"] = ACTION_LOG,
["bad_HTTP_version"] = ACTION_LOG,
["bad_ICMP_checksum"] = ACTION_LOG,
["bad_ICMP_checksum"] = ACTION_LOG_PER_ORIG,
["bad_ident_port"] = ACTION_LOG,
["bad_ident_reply"] = ACTION_LOG,
["bad_ident_request"] = ACTION_LOG,
@ -61,12 +61,12 @@ export {
["bad_RPC"] = ACTION_LOG_PER_ORIG,
["bad_RPC_program"] = ACTION_LOG,
["bad_SYN_ack"] = ACTION_LOG,
["bad_TCP_checksum"] = ACTION_LOG,
["bad_UDP_checksum"] = ACTION_LOG,
["bad_TCP_checksum"] = ACTION_LOG_PER_ORIG,
["bad_UDP_checksum"] = ACTION_LOG_PER_ORIG,
["baroque_SYN"] = ACTION_LOG,
["base64_illegal_encoding"] = ACTION_LOG,
["connection_originator_SYN_ack"] = ACTION_LOG_PER_ORIG,
["corrupt_tcp_options"] = ACTION_NOTICE_PER_ORIG,
["corrupt_tcp_options"] = ACTION_LOG_PER_ORIG,
["crud_trailing_HTTP_request"] = ACTION_LOG,
["data_after_reset"] = ACTION_LOG,
["data_before_established"] = ACTION_LOG,
@ -95,7 +95,7 @@ export {
["excessive_RPC_len"] = ACTION_LOG_PER_ORIG,
["FIN_advanced_last_seq"] = ACTION_LOG,
["FIN_after_reset"] = ACTION_IGNORE,
["FIN_storm"] = ACTION_NOTICE,
["FIN_storm"] = ACTION_NOTICE_PER_ORIG,
["HTTP_bad_chunk_size"] = ACTION_LOG,
["HTTP_chunked_transfer_for_multipart_message"] = ACTION_LOG,
["HTTP_overlapping_messages"] = ACTION_LOG,
@ -160,7 +160,7 @@ export {
["RPC_rexmit_inconsistency"] = ACTION_LOG,
["RPC_underflow"] = ACTION_LOG,
["RST_storm"] = ACTION_LOG,
["RST_with_data"] = ACTION_LOG, # PC's do this
["RST_with_data"] = ACTION_LOG,
["simultaneous_open"] = ACTION_LOG_PER_CONN,
["spontaneous_FIN"] = ACTION_IGNORE,
["spontaneous_RST"] = ACTION_IGNORE,
@ -204,7 +204,7 @@ export {
## These do indeed happen!
["fragment_with_DF"] = ACTION_LOG,
["incompletely_captured_fragment"] = ACTION_LOG,
["bad_IP_checksum"] = ACTION_LOG,
["bad_IP_checksum"] = ACTION_LOG_PER_ORIG,
["bad_TCP_header_len"] = ACTION_LOG,
["internally_truncated_header"] = ACTION_LOG,
["truncated_IP"] = ACTION_LOG,