Project

General

Profile

Actions
Copy link

Documentation #6369

open

stream: document stream.3whs_syn_flood and stream.3whs_synack_flood

Added by Victor Julien 7 months ago. Updated 7 months ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
8.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

These events are not self explanatory, as they are not general scan detectors, but instead flag special cases of syn or syn/ack retransmissions within a flow.

Related commits:
7bfee147ef6caefe0dd4444a088f451188108e0a (#5856)
4c6463f3784f533a07679589dab713096137a439

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #5856: stream: SYN/ACK timestamp checking blocks valid trafficClosedVictor JulienActions
Actions
Copy link
 #1

Updated by Victor Julien 7 months ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Victor Julien 7 months ago

  • Related to Bug #5856: stream: SYN/ACK timestamp checking blocks valid traffic added
Actions
Copy link
 #3

Updated by Victor Julien 7 months ago

Additionally, we need to consider how this behavior can be observed. There is the stream-event keyword and the anomaly record type, but neither of them will give details.

Actions
Copy link

Also available in: Atom PDF