Project

General

Profile

Actions
Copy link

Feature #6368

open

stream/midstream: wscale setting

Added by Victor Julien almost 2 years ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
Victor Julien
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

When midstream pickup happens, we have missed the 3whs. In this case we assume wscale to be enabled and set to its max value (14). This gives a huge window, that can easily lead to packets getting accepted that most likely shouldn't be.

The idea here is to add a configurable value to the config that would be used instead of 14: `stream.midstream-wscale` or something.

Related issues 1 (0 open1 closed)

Related to Suricata - Feature #7713: detect: add tcp.wscale keyword to match on TCP wscale option valuesClosedVictor JulienActions
Actions
Copy link
 #1

Updated by Victor Julien about 1 year ago

  • Assignee changed from OISF Dev to Victor Julien
Actions
Copy link
 #2

Updated by Victor Julien 3 months ago

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions
Copy link
 #3

Updated by Victor Julien about 2 months ago

  • Related to Feature #7713: detect: add tcp.wscale keyword to match on TCP wscale option values added
Actions
Copy link
 #4

Updated by Victor Julien about 1 month ago

  • Target version changed from 8.0.0-rc1 to 9.0.0-beta1
Actions
Copy link

Also available in: Atom PDF