
v.1.3

@aleksibovellan aleksibovellan released this 06 Jun 16:13
047d568

The TCP-based scan detection rules have been rewritten: in addition to timing intervals and ports, they now inspect TCP window sizes, flags and/or MSS values. This resolved almost all of the false positive alerts produced while trying to detect slower TCP scans, and also lowered the slowest detectable Nmap scan speed (including TCP scan types) to -T1. Currently -T0 is still too slow to detect without false positives. The timing intervals of the UDP and fragmented scan rules were also aligned with those of the other similar rules. These latest rule fixes were based on Wireshark captures obtained during recent rule testing. General cleanups and cosmetic touches.
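As an added illustration of why combining header fields with timing cuts false positives (this is not the project's rules and not code from this page): a small Python detector that counts a source's burst of distinct destination ports, first from timing alone and then only from packets matching an assumed flags/window/MSS fingerprint. All packet records and the fingerprint values are constructed for the example.

```python
from collections import defaultdict

# Constructed sample records: (time_s, src_ip, dst_port, flags, window, mss).
# Header values are invented for illustration, not real Nmap fingerprints.
PACKETS = [
    (0.00, "10.0.0.5", 22,   "S", 1024, 1460),   # slow scanner, one port per 0.3 s
    (0.30, "10.0.0.5", 80,   "S", 1024, 1460),
    (0.60, "10.0.0.5", 443,  "S", 1024, 1460),
    (0.90, "10.0.0.5", 8080, "S", 1024, 1460),
    (0.00, "10.0.0.9", 80,   "S", 65535, 1460),  # ordinary client opening several services
    (0.20, "10.0.0.9", 443,  "S", 65535, 1460),
    (0.40, "10.0.0.9", 22,   "S", 65535, 1460),
    (0.50, "10.0.0.9", 8443, "S", 65535, 1460),
]

# Assumed header fingerprint of the scanner: SYN only, small window, fixed MSS.
SIGNATURE = {"flags": "S", "window": 1024, "mss": 1460}

def _matches(pkt, sig):
    _, _, _, flags, win, mss = pkt
    return flags == sig["flags"] and win == sig["window"] and mss == sig["mss"]

def burst_sources(packets, window_s, min_ports, signature=None):
    """Sources that touch >= min_ports distinct ports within any window_s span.
    With signature=None this is timing-only logic; with a signature, only packets
    whose flags/window/MSS match feed the counter."""
    per_src = defaultdict(list)
    for pkt in packets:
        if signature is None or _matches(pkt, signature):
            per_src[pkt[1]].append((pkt[0], pkt[2]))
    alerts = set()
    for src, hits in per_src.items():
        hits.sort()
        for t0, _ in hits:
            ports = {p for t, p in hits if t0 <= t <= t0 + window_s}
            if len(ports) >= min_ports:
                alerts.add(src)
                break
    return alerts

def timing_only(packets):
    return burst_sources(packets, window_s=1.0, min_ports=3)

def timing_plus_headers(packets):
    return burst_sources(packets, window_s=1.0, min_ports=3, signature=SIGNATURE)

if __name__ == "__main__":
    print("timing only:   ", sorted(timing_only(PACKETS)))         # both sources alert
    print("timing+headers:", sorted(timing_plus_headers(PACKETS)))  # only 10.0.0.5 alerts
```

The timing-only pass flags the ordinary client as well as the scanner; requiring the header fingerprint keeps the scanner alert and drops the false positive, which is the effect the rewritten rules aim for.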