summaryrefslogtreecommitdiffstats
path: root/rules/rfb-events.rules
blob: 08bc493f4270d4352f45f220291a54fdad802e49 (plain)
1
2
3
4
5
6
7
8
9
10
# RFB app-layer event rules.
#
# These SIDs fall in the 2233000+ range. See:
#    http://doc.emergingthreats.net/bin/view/Main/SidAllocation and
#    https://redmine.openinfosecfoundation.org/projects/suricata/wiki/AppLayer

alert rfb any any -> any any (msg:"SURICATA RFB Malformed or unknown message"; app-layer-event:rfb.malformed_message; classtype:protocol-command-decode; sid:2233000; rev:1;)
alert rfb any any -> any any (msg:"SURICATA RFB Unimplemented security type"; app-layer-event:rfb.unimplemented_security_type; classtype:protocol-command-decode; sid:2233001; rev:1;)
alert rfb any any -> any any (msg:"SURICATA RFB Unknown security result"; app-layer-event:rfb.unknown_security_result; classtype:protocol-command-decode; sid:2233002; rev:1;)
alert rfb any any -> any any (msg:"SURICATA RFB Unexpected State in Parser"; app-layer-event:rfb.confused_state; classtype:protocol-command-decode; sid:2233003; rev:1;)