File: decoder.rules

package info (click to toggle)
snort 2.8.5.2-8
  • links: PTS
  • area: main
  • in suites: squeeze
  • size: 37,692 kB
  • ctags: 25,758
  • sloc: ansic: 177,775; sh: 11,401; makefile: 1,994; yacc: 495; perl: 491; lex: 252; sql: 213
file content (65 lines) | stat: -rw-r--r-- 8,592 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
alert ( msg: "DECODE_NOT_IPV4_DGRAM"; sid: 1; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode;)
alert ( msg: "DECODE_IPV4_INVALID_HEADER_LEN"; sid: 2; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_IPV4_DGRAM_LT_IPHDR"; sid: 3; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_IPV4OPT_BADLEN"; sid: 4; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_IPV4OPT_TRUNCATED"; sid: 5; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode;)
alert ( msg: "DECODE_IPV4_DGRAM_GT_IPHDR"; sid: 6; gid: 116; rev: 1; metadata: rule-type decode ;classtype:protocol-command-decode; )
alert ( msg: "DECODE_TCP_DGRAM_LT_TCPHDR"; sid: 45; gid: 116; rev: 1; metadata: rule-type decode ;classtype:protocol-command-decode; )
alert ( msg: "DECODE_TCP_INVALID_OFFSET"; sid: 46; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_TCP_LARGE_OFFSET"; sid: 47; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_TCPOPT_BADLEN"; sid: 54; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_TCPOPT_TRUNCATED"; sid: 55; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_TCPOPT_TTCP"; sid: 56; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_TCPOPT_OBSOLETE"; sid: 57; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_TCPOPT_EXPERIMENT"; sid: 58; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_TCPOPT_WSCALE_INVALID"; sid: 59; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_UDP_DGRAM_LT_UDPHDR"; sid: 95; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_UDP_DGRAM_INVALID_LENGTH"; sid: 96; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_UDP_DGRAM_SHORT_PACKET"; sid: 97; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_UDP_DGRAM_LONG_PACKET"; sid: 98; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_ICMP_DGRAM_LT_ICMPHDR"; sid: 105; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_ICMP_DGRAM_LT_TIMESTAMPHDR"; sid: 106; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_ICMP_DGRAM_LT_ADDRHDR"; sid: 107; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_IPV4_DGRAM_UNKNOWN"; sid: 108; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_ARP_TRUNCATED"; sid: 109; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_EAPOL_TRUNCATED"; sid: 110; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_EAPKEY_TRUNCATED"; sid: 111; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_EAP_TRUNCATED"; sid: 112; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_PPPOE"; sid: 120; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_VLAN"; sid: 130; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_VLAN_ETHLLC"; sid: 131; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_VLAN_OTHER"; sid: 132; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_80211_ETHLLC"; sid: 133; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_80211_OTHER"; sid: 134; gid: 116; rev: 1; metadata: rule-type decode ;classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_TRH"; sid: 140; gid: 116; rev: 1; metadata: rule-type decode ;classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_TR_ETHLLC"; sid: 141; gid: 116; rev: 1; metadata: rule-type decode ;classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_TR_MR_LEN"; sid: 142; gid: 116; rev: 1; metadata: rule-type decode ;classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_TRHMR"; sid: 143; gid: 116; rev: 1; metadata: rule-type decode ;classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_TRAFFIC_LOOPBACK"; sid: 150; gid: 116; rev: 1; metadata: rule-type decode ;classtype:bad-unknown; )
alert ( msg: "DECODE_BAD_TRAFFIC_SAME_SRCDST"; sid: 151; gid: 116; rev: 1; metadata: rule-type decode ;classtype:bad-unknown; )
alert ( msg: "DECODE_GRE_DGRAM_LT_GREHDR"; sid: 160; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_GRE_MULTIPLE_ENCAPSULATION"; sid: 161; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_GRE_INVALID_VERSION"; sid: 162; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_GRE_INVALID_HEADER"; sid: 163; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_GRE_V1_INVALID_HEADER"; sid: 164; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_GRE_TRANS_DGRAM_LT_TRANSHDR"; sid: 165; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_ICMP_ORIG_IP_TRUNCATED"; sid: 250; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_ICMP_ORIG_IP_NOT_IPV4"; sid: 251; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_ICMP_ORIG_DGRAM_LT_ORIG_IP"; sid: 252; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_ICMP_ORIG_PAYLOAD_LT_64"; sid: 253; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_ICMP_ORIG_PAYLOAD_GT_576"; sid: 254; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_ICMP_ORIG_IP_WITH_FRAGOFFSET"; sid: 255; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_IPV6_MIN_TTL"; sid: 270 ; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_IPV6_IS_NOT"; sid: 271; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_IPV6_TRUNCATED_EXT"; sid: 272; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_IPV6_TRUNCATED"; sid: 273; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )
alert ( msg: "DECODE_IPV6_DGRAM_LT_IPHDR"; sid: 274; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_IPV6_DGRAM_GT_IPHDR"; sid: 275; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_IPV6_TUNNELED_IPV4_TRUNCATED"; sid: 291; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-dos; reference:cve,2008-2136;  reference:bugtraq,29235; )
alert ( msg: "DECODE_BAD_MPLS_STR"; sid: 170; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_BAD_MPLS_LABEL0_STR"; sid: 171; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_BAD_MPLS_LABEL1_STR"; sid: 172; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_BAD_MPLS_LABEL2_STR"; sid: 173; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_BAD_MPLS_LABEL3_STR"; sid: 174; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_MPLS_RESERVEDLABEL_STR"; sid: 175; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )
alert ( msg: "DECODE_MPLS_LABEL_STACK_STR"; sid: 176; gid: 116; rev: 1; metadata: rule-type decode ; classtype:protocol-command-decode; )