User Tools

Site Tools


pfsense:suricata:alerts

PFSense - Suricata - Alerts

See Suricata Redmine site for further information.


Disable an entire group of rules


ET CINS Active Threat Intelligence Poor Reputation IP

ET DROP Dshield Block Listed Source group 1

ET POLICY PE EXE or DLL Windows file download HTTP

ET SCAN Internal Dummy Connection User-Agent Inbound

ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response

ET SCAN Sipvicious User-Agent Detected (friendly-scanner)

ET TOR Known Tor Exit Node Traffic group 60

ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26

SURICATA Applayer Mismatch protocol both directions

SURICATA Applayer Wrong direction first Data

SURICATA HTTP Host header invalid

SURICATA HTTP Request line incomplete

SURICATA HTTP Request unrecognized authorization method

SURICATA HTTP unable to match response to request

SURICATA ICMPv4 invalid checksum

SURICATA IKEv2 weak cryptographic parameters (Auth)

SURICATA IKEv2 weak cryptographic parameters (Diffie-Hellman)

SURICATA IKEv2 weak cryptographic parameters (Encryption)

SURICATA IKEv2 weak cryptographic parameters (PRF)

SURICATA STREAM 3way handshake SYNACK with wrong ack

SURICATA STREAM 3way handshake SYNACK resend with different ack

SURICATA STREAM 3way handshake SYN resend different seq on SYN recv

SURICATA STREAM 3way handshake wrong seq wrong ack

SURICATA STREAM bad window update

SURICATA STREAM CLOSEWAIT FIN out of window

SURICATA STREAM ESTABLISHED invalid ack

SURICATA STREAM ESTABLISHED packet out of window

SURICATA STREAM excessive retransmissions

SURICATA STREAM FIN invalid ack

SURICATA STREAM FIN out of window

SURICATA STREAM Packet with invalid ack

SURICATA STREAM Packet with invalid timestamp

SURICATA STREAM reassembly overlap with different data

SURICATA STREAM SHUTDOWN RST invalid ack

SURICATA STREAM TIMEWAIT ACK with wrong seq

SURICATA UDPv4 invalid checksum

SURICATA TLS invalid handshake message

SURICATA TLS invalid record/traffic

SURICATA TLS invalid record type

SURICATA TLS invalid TLS header


References

pfsense/suricata/alerts.txt · Last modified: 2021/01/21 10:26 by peter

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki