suricata: Drop parsers I have never heard of

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 84c4aa2a7ecafecde80d125116c3d78c76bb9ab2..8b4ab8c3b317d8b46fd3c173ba0dd1a76f0ac199 100644 (file)
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -257,40 +257,6 @@ app-layer:
            double-decode-path: no
            double-decode-query: no
 
-    # Note: Modbus probe parser is minimalist due to the poor significant field
-    # Only Modbus message length (greater than Modbus header length)
-    # And Protocol ID (equal to 0) are checked in probing parser
-    # It is important to enable detection port and define Modbus port
-    # to avoid false positive
-    modbus:
-      # How many unreplied Modbus requests are considered a flood.
-      # If the limit is reached, app-layer-event:modbus.flooded; will match.
-      #request-flood: 500
-
-      enabled: no
-      detection-ports:
-        dp: 502
-      # According to MODBUS Messaging on TCP/IP Implementation Guide V1.0b, it
-      # is recommended to keep the TCP connection opened with a remote device
-      # and not to open and close it for each MODBUS/TCP transaction. In that
-      # case, it is important to set the depth of the stream reassembling as
-      # unlimited (stream.reassembly.depth: 0)
-
-      # Stream reassembly size for modbus. By default track it completely.
-      stream-depth: 0
-
-    # DNP3
-    dnp3:
-      enabled: no
-      detection-ports:
-        dp: 20000
-
-    # SCADA EtherNet/IP and CIP protocol support
-    enip:
-      enabled: no
-      detection-ports:
-        dp: 44818
-        sp: 44818
 
 # Limit for the maximum number of asn1 frames to decode (default 256)
 asn1-max-frames: 256