Documentation #6369

open

stream: document stream.3whs_syn_flood and stream.3whs_synack_flood

Added by Victor Julien almost 2 years ago. Updated 5 days ago.

Status: Assigned
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

These events are not self-explanatory, as they are not general scan detectors, but instead flag special cases of SYN or SYN/ACK retransmissions within a flow.

Related commits:
7bfee147ef6caefe0dd4444a088f451188108e0a (#5856)
4c6463f3784f533a07679589dab713096137a439


Related issues 2 (1 open, 1 closed)

Related to Suricata - Bug #5856: stream: SYN/ACK timestamp checking blocks valid traffic (Closed, Victor Julien)
Related to Suricata - Documentation #7223: document 'stream-event' keyword (New, OISF Dev)
Actions #1

Updated by Victor Julien almost 2 years ago

  • Description updated (diff)
Actions #2

Updated by Victor Julien almost 2 years ago

  • Related to Bug #5856: stream: SYN/ACK timestamp checking blocks valid traffic added
Actions #3

Updated by Victor Julien almost 2 years ago

Additionally, we need to consider how this behavior can be observed. There is the stream-event keyword and the anomaly record type, but neither of them will give details.

Actions #4

Updated by Juliana Fajardini Reichow 10 months ago

Actions #5

Updated by Victor Julien 5 months ago

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions #6

Updated by Victor Julien 18 days ago

  • Target version changed from 8.0.0-rc1 to 8.0.0
Actions #7

Updated by Victor Julien 5 days ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien