Documentation #6369

open

stream: document stream.3whs_syn_flood and stream.3whs_synack_flood

Added by Victor Julien about 1 year ago. Updated about 1 year ago.

Status: New
Priority: Normal

Description

These events are not self-explanatory, as they are not general scan detectors, but instead flag special cases of syn or syn/ack retransmissions within a flow.

Related commits:
7bfee147ef6caefe0dd4444a088f451188108e0a (#5856)
4c6463f3784f533a07679589dab713096137a439


Related issues: 2 (1 open, 1 closed)

  • Related to Suricata - Bug #5856: stream: SYN/ACK timestamp checking blocks valid traffic (Closed, Victor Julien)
  • Related to Suricata - Documentation #7223: document 'stream-event' keyword (New, OISF Dev)

#1

Updated by Victor Julien about 1 year ago

  • Description updated (diff)

#2

Updated by Victor Julien about 1 year ago

  • Related to Bug #5856: stream: SYN/ACK timestamp checking blocks valid traffic added

#3

Updated by Victor Julien about 1 year ago

Additionally, we need to consider how this behavior can be observed. There is the stream-event keyword and the anomaly record type, but neither of them will give details.

#4

Updated by Juliana Fajardini Reichow 3 months ago
