Project

General

Profile

Actions
Copy link

Feature #6368

open

stream/midstream: wscale setting

Added by Victor Julien over 1 year ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
Victor Julien
Target version:
8.0.0-rc1
Effort:
Difficulty:
Label:

Description

When midstream pickup happens, we have missed the 3whs. In this case we assume wscale to be enabled and set to its max value (14). This gives a huge window, that can easily lead to packets getting accepted that most likely shouldn't be.

The idea here is to add a configurable value to the config that would be used instead of 14: `stream.midstream-wscale` or something.

Related issues 1 (1 open0 closed)

Related to Suricata - Feature #7713: detect: add tcp.wscale keyword to match on TCP wscale option valuesIn ReviewVictor JulienActions
Actions
Copy link

Also available in: Atom PDF