vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-05-01 00:19:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Adds search by tcp flags in SYN scan alert

Browse source
This commit is contained in:
Simone Mainardi 2021-08-02 18:43:08 +02:00
parent d84fc3405a
commit 805b99f03c
2 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
scripts/lua/modules/alert_definitions/host/host_alert_tcp_syn_scan.lua
View file

@ -74,8 +74,8 @@ function host_alert_tcp_syn_scan.filter_to_past_flows(ifid, alert, alert_type_pa
res["srv_ip"] = host_key
end
res["src2dst_tcp_flags"] = 0x02 -- Has SYN
-- res["dst2src_tcp_flags"] = 0x16 -- TODO: Doesn't have ACK
res["src2dst_tcp_flags"] = 0x02 -- Has SYN
res["dst2src_tcp_flags"] = -0x02 -- Does NOT have SYN
res["l4proto"] = "TCP"