diff --git a/rules/decoder-events.rules b/rules/decoder-events.rules
index e3f1e30bfa01..092eebdb2755 100644
--- a/rules/decoder-events.rules
+++ b/rules/decoder-events.rules
@@ -52,7 +52,7 @@ alert pkthdr any any -> any any (msg:"SURICATA ICMPv4 unknown code"; decode-even
 alert pkthdr any any -> any any (msg:"SURICATA ICMPv4 truncated packet"; decode-event:icmpv4.ipv4_trunc_pkt; classtype:protocol-command-decode; sid:2200026; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA ICMPv4 unknown version"; decode-event:icmpv4.ipv4_unknown_ver; classtype:protocol-command-decode; sid:2200027; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA ICMPv6 packet too small"; decode-event:icmpv6.pkt_too_small; classtype:protocol-command-decode; sid:2200028; rev:2;)
-# uncomment the following sginature if you plan to update suricata code to support more ICMPv6 type
+# uncomment the following signature if you plan to update suricata code to support more ICMPv6 type
 #alert pkthdr any any -> any any (msg:"SURICATA ICMPv6 unknown type"; decode-event:icmpv6.unknown_type; classtype:protocol-command-decode; sid:2200029; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA ICMPv6 unknown code"; decode-event:icmpv6.unknown_code; classtype:protocol-command-decode; sid:2200030; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA ICMPv6 truncated packet"; decode-event:icmpv6.ipv6_trunc_pkt; classtype:protocol-command-decode; sid:2200031; rev:2;)
diff --git a/rules/files.rules b/rules/files.rules
index 0e57329224ea..ec999a956d7a 100644
--- a/rules/files.rules
+++ b/rules/files.rules
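Review bot: The corrected comment on the `+` line still reads "support more ICMPv6 type", which is the remaining grammatical slip in a line this commit is already touching for spelling. Since the whole commit is a typo pass, it would be consistent to finish the sentence at the same time, e.g. `# uncomment the following signature if you plan to update suricata code to support more ICMPv6 types`. The commented-out sid:2200029 rule below it is unchanged and is only documented here, so nothing else in the hunk is affected.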
@@ -18,7 +18,7 @@
 #alert http any any -> any any (msg:"FILEMAGIC jpg(1)"; flow:established,to_server; filemagic:"JPEG image data"; filestore; sid:10; rev:1;)
 #alert http any any -> any any (msg:"FILEMAGIC jpg(2)"; flow:established,to_server; filemagic:"JFIF"; filestore; sid:11; rev:1;)
-# Unually short file
+# Unusually short file
 #alert http any any -> any any (msg:"FILEMAGIC short"; flow:established,to_server; filemagic:"very short file (no magic)"; filestore; sid:12; rev:1;)
 # Simply store all files we encounter, no alerts.
diff --git a/rules/modbus-events.rules b/rules/modbus-events.rules
index d0069cb8dab1..27348e4a0b2b 100644
--- a/rules/modbus-events.rules
+++ b/rules/modbus-events.rules
@@ -10,7 +10,7 @@ alert modbus any any -> any any (msg:"SURICATA Modbus invalid Unit Identifier";
 alert modbus any any -> any any (msg:"SURICATA Modbus invalid Function code"; app-layer-event:modbus.invalid_function_code; classtype:protocol-command-decode; sid:2250005; rev:2;)
 # Modbus Request/Response value field is incorrect
 alert modbus any any -> any any (msg:"SURICATA Modbus invalid Value"; app-layer-event:modbus.invalid_value; classtype:protocol-command-decode; sid:2250006; rev:2;)
-# Modbus Expception code is incorrect
+# Modbus Exception code is incorrect
 alert modbus any any -> any any (msg:"SURICATA Modbus Exception code invalid"; flow:to_client; app-layer-event:modbus.invalid_exception_code; classtype:protocol-command-decode; sid:2250007; rev:2;)
 # Value field in Modbus Response does not match with Modbus Request
 alert modbus any any -> any any (msg:"SURICATA Modbus Data mismatch"; flow:to_client; app-layer-event:modbus.value_mismatch; classtype:protocol-command-decode; sid:2250008; rev:2;)