diff --git a/rules/dns-events.rules b/rules/dns-events.rules
index d4c02b5c2f78..6629c347ec4d 100644
--- a/rules/dns-events.rules
+++ b/rules/dns-events.rules
@@ -2,9 +2,9 @@
 alert dns any any -> any any (msg:"SURICATA DNS malformed request data"; flow:to_server; app-layer-event:dns.malformed_data; classtype:protocol-command-decode; sid:2240002; rev:2;)
 alert dns any any -> any any (msg:"SURICATA DNS malformed response data"; flow:to_client; app-layer-event:dns.malformed_data; classtype:protocol-command-decode; sid:2240003; rev:2;)
 # Response flag set on to_server packet
-alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server; app-layer-event:dns.not_a_request; classtype:protocol-command-decode; sid:2240004; rev:2;)
+alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server; app-layer-event:dns.not_request; classtype:protocol-command-decode; sid:2240004; rev:2;)
 # Response flag not set on to_client packet
-alert dns any any -> any any (msg:"SURICATA DNS Not a response"; flow:to_client; app-layer-event:dns.not_a_response; classtype:protocol-command-decode; sid:2240005; rev:2;)
+alert dns any any -> any any (msg:"SURICATA DNS Not a response"; flow:to_client; app-layer-event:dns.not_response; classtype:protocol-command-decode; sid:2240005; rev:2;)
 # Z flag (reserved) not 0
 alert dns any any -> any any (msg:"SURICATA DNS Z flag set"; app-layer-event:dns.z_flag_set; classtype:protocol-command-decode; sid:2240006; rev:2;)
 alert dns any any -> any any (msg:"SURICATA DNS Invalid opcode"; app-layer-event:dns.invalid_opcode; classtype:protocol-command-decode; sid:2240007; rev:1;)
diff --git a/rules/ipsec-events.rules b/rules/ipsec-events.rules
index ccfd65145c57..8ffc6674a083 100644
--- a/rules/ipsec-events.rules
+++ b/rules/ipsec-events.rules
@@ -10,8 +10,8 @@ alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (E
 alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (PRF)"; flow:to_client; app-layer-event:ike.weak_crypto_prf; classtype:protocol-command-decode; sid:2224003; rev:2;)
 alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (Auth)"; flow:to_client; app-layer-event:ike.weak_crypto_auth; classtype:protocol-command-decode; sid:2224004; rev:3;)
 alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (Diffie-Hellman)"; flow:to_client; app-layer-event:ike.weak_crypto_dh; classtype:protocol-command-decode; sid:2224005; rev:3;)
-alert ike any any -> any any (msg:"SURICATA IKE no Diffie-Hellman exchange parameters"; flow:to_client; app-layer-event:ike.weak_crypto_nodh; classtype:protocol-command-decode; sid:2224006; rev:2;)
-alert ike any any -> any any (msg:"SURICATA IKE no authentication"; flow:to_client; app-layer-event:ike.weak_crypto_noauth; classtype:protocol-command-decode; sid:2224007; rev:2;)
+alert ike any any -> any any (msg:"SURICATA IKE no Diffie-Hellman exchange parameters"; flow:to_client; app-layer-event:ike.weak_crypto_no_dh; classtype:protocol-command-decode; sid:2224006; rev:2;)
+alert ike any any -> any any (msg:"SURICATA IKE no authentication"; flow:to_client; app-layer-event:ike.weak_crypto_no_auth; classtype:protocol-command-decode; sid:2224007; rev:2;)
 alert ike any any -> any any (msg:"SURICATA IKE no encryption (AH)"; flow:to_client; app-layer-event:ike.no_encryption; classtype:protocol-command-decode; sid:2224008; rev:2;)
 alert ike any any -> any any (msg:"SURICATA IKE invalid proposal"; flow:to_server; app-layer-event:ike.invalid_proposal; classtype:protocol-command-decode; sid:2224009; rev:2;)
 alert ike any any -> any any (msg:"SURICATA IKE invalid proposal selected"; flow:to_client; app-layer-event:ike.invalid_proposal; classtype:protocol-command-decode; sid:2224010; rev:2;)
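Review bot: The `app-layer-event` keyword changes on sids 2224006 and 2224007 (`ike.weak_crypto_no_dh`, `ike.weak_crypto_no_auth`), yet both rules keep `rev:2`; a rule whose match condition text changes should get its revision bumped, e.g. `rev:3;`, so rule managers and alert consumers can tell the two versions apart. The same applies to sids 2240004 and 2240005 in the dns-events.rules hunk, which switch to `dns.not_request` and `dns.not_response` without a rev change. Nothing visible in this patch shows whether the old event names remain accepted as aliases; if they do not, locally maintained rules that still reference `dns.not_a_request`, `dns.not_a_response`, `ike.weak_crypto_nodh` or `ike.weak_crypto_noauth` would presumably fail to load after an upgrade and silently leave those conditions unmonitored, so the rename deserves an entry in the upgrade notes.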
diff --git a/rules/modbus-events.rules b/rules/modbus-events.rules
index 27348e4a0b2b..afcc80a7e3a2 100644
--- a/rules/modbus-events.rules
+++ b/rules/modbus-events.rules
@@ -4,8 +4,6 @@ alert modbus any any -> any any (msg:"SURICATA Modbus invalid Protocol version";
 alert modbus any any -> any any (msg:"SURICATA Modbus unsolicited response"; app-layer-event:modbus.unsolicited_response; classtype:protocol-command-decode; sid:2250002; rev:2;)
 # Malformed request or response. Malformed means length field is wrong
 alert modbus any any -> any any (msg:"SURICATA Modbus invalid Length"; app-layer-event:modbus.invalid_length; classtype:protocol-command-decode; sid:2250003; rev:2;)
-# Unit identifier field is incorrect
-alert modbus any any -> any any (msg:"SURICATA Modbus invalid Unit Identifier"; app-layer-event:modbus.invalid_unit_identifier; classtype:protocol-command-decode; sid:2250004; rev:2;)
 # Modbus Function code is incorrect
 alert modbus any any -> any any (msg:"SURICATA Modbus invalid Function code"; app-layer-event:modbus.invalid_function_code; classtype:protocol-command-decode; sid:2250005; rev:2;)
 # Modbus Request/Response value field is incorrect
diff --git a/rust/src/http2/detect.rs b/rust/src/http2/detect.rs
index 74bb59223d15..cc013881cae2 100644
--- a/rust/src/http2/detect.rs
+++ b/rust/src/http2/detect.rs
@@ -961,7 +961,7 @@ fn http2_tx_set_settings(state: &mut HTTP2State, input: &[u8]) {
 match STANDARD.decode(input) {
 Ok(dec) => {
 if dec.len() % 6 != 0 {
- state.set_event(HTTP2Event::InvalidHTTP1Settings);
+ state.set_event(HTTP2Event::InvalidHttp1Settings);
 }
 let head = parser::HTTP2FrameHeader {
@@ -982,12 +982,12 @@ fn http2_tx_set_settings(state: &mut HTTP2State, input: &[u8]) {
 });
 }
 Err(_) => {
- state.set_event(HTTP2Event::InvalidHTTP1Settings);
+ state.set_event(HTTP2Event::InvalidHttp1Settings);
 }
 }
 }
 Err(_) => {
- state.set_event(HTTP2Event::InvalidHTTP1Settings);
+ state.set_event(HTTP2Event::InvalidHttp1Settings);
 }
 }
 }
diff --git a/rust/src/http2/http2.rs b/rust/src/http2/http2.rs
index 9281c011ff29..89b599a9f8ef 100644
--- a/rust/src/http2/http2.rs
+++ b/rust/src/http2/http2.rs
@@ -498,7 +498,7 @@ pub enum HTTP2Event {
 ExtraHeaderData,
 LongFrameData,
 StreamIdReuse,
- InvalidHTTP1Settings,
+ InvalidHttp1Settings,
 FailedDecompression,
 InvalidRange,
 HeaderIntegerOverflow,