Pull request #3157: US 708162: Timebox: Built-in rule documentation - back orifice
authorTom Peters (thopeter) <thopeter@cisco.com>
Wed, 10 Nov 2021 20:50:53 +0000 (20:50 +0000)
committerTom Peters (thopeter) <thopeter@cisco.com>
Wed, 10 Nov 2021 20:50:53 +0000 (20:50 +0000)
Merge in SNORT/snort3 from ~MDAGON/snort3:bo_doc to master

Squashed commit of the following:

commit 3fb00bd44ee93c4bf67a99d7a01e82ae00687432
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Nov 8 17:01:17 2021 -0500

    doc: back orifice builtin rules

doc/reference/builtin_stubs.txt
src/service_inspectors/back_orifice/back_orifice.cc

index e6da01eee874b93ed3dcebf4b447b0d13d72f802..1d64e4f27c9b468d755ad0a92b676382ac3320ef 100644 (file)
@@ -4,19 +4,19 @@ A tagged packet was logged.
 
 105:1
 
-(back_orifice) BO traffic detected
+Back orifice traffic detected, unknown direction
 
 105:2
 
-(back_orifice) BO client traffic detected
+Back orifice client traffic detected
 
 105:3
 
-(back_orifice) BO server traffic detected
+Back orifice server traffic detected
 
 105:4
 
-(back_orifice) BO Snort buffer attack
+Back orifice length field >= 1024 bytes
 
 106:1
 
index 5d5ef01453e098db6abaeb01c0edffd33483eb36..998646741efca7417bee81d308e2983bc68aa6b1 100644 (file)
@@ -159,13 +159,13 @@ static THREAD_LOCAL SimpleStats bostats;
 #define BO_SNORT_BUFFER_ATTACK    4
 
 #define BO_TRAFFIC_DETECT_STR \
-    "BO traffic detected"
+    "Back orifice traffic detected, unknown direction"
 #define BO_CLIENT_TRAFFIC_DETECT_STR \
-    "BO client traffic detected"
+    "Back orifice client traffic detected"
 #define BO_SERVER_TRAFFIC_DETECT_STR \
-    "BO server traffic detected"
+    "Back orifice server traffic detected"
 #define BO_SNORT_BUFFER_ATTACK_STR \
-    "BO Snort buffer attack"
+    "Back orifice length field >= 1024 bytes"
 
 static const RuleMap bo_rules[] =
 {
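Review bot: The new text for `BO_SNORT_BUFFER_ATTACK_STR` drops the only hint that 105:4 differs in kind from 105:1-3: the old wording and the macro name both suggest an attack aimed at the sensor's own buffer, whereas "length field >= 1024 bytes" reads like a protocol oddity. A comment above the define would keep that context for maintainers and for alert triage, e.g. `// 105:4: oversized BO length field, historically an overflow attempt against the inspector itself`, assuming that is still what the event means. The literal 1024 is now repeated as prose while the check that enforces it lies outside this hunk, so confirm the two agree, including whether the comparison is `>=` or `>`. Downstream detections that match on the message text rather than on gid:sid 105:1-105:4 will stop matching once these strings change.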