blob: 523140d415cb343d666f2c03d3dc4176f5e1d0e9 (
plain)
1
2
3
4
5
6
7
8
|
# Kerberos app layer event rules
#
# SID's fall in the 2226000+ range. See https://redmine.openinfosecfoundation.org/projects/suricata/wiki/AppLayer
#
# These sigs fire at most once per connection.
#
alert krb5 any any -> any any (msg:"SURICATA Kerberos 5 malformed request data"; flow:to_server; app-layer-event:krb5.malformed_data; classtype:protocol-command-decode; sid:2226000; rev:1;)
alert krb5 any any -> any any (msg:"SURICATA Kerberos 5 weak encryption parameters"; flow:to_client; app-layer-event:krb5.weak_encryption; classtype:protocol-command-decode; sid:2226001; rev:1;)
|
