modbus: disable by default
authorJason Ish <ish@unx.ca>
Thu, 3 Dec 2015 21:40:08 +0000 (15:40 -0600)
committerVictor Julien <victor@inliniac.net>
Fri, 4 Dec 2015 14:43:35 +0000 (15:43 +0100)
src/app-layer-modbus.c
suricata.yaml.in

index fa965135d394c3218529a75e5d9aff8260155805..2d2cdc3d2e2d15bc1b45346e1670e4c66e30250d 100644 (file)
@@ -1427,21 +1427,13 @@ void RegisterModbusParsers(void)
                                           STREAM_TOSERVER,
                                           ModbusProbingParser);
         } else {
-            /* if we have no config, we enable the default port 502 */
+            /* If there is no app-layer section for Modbus, silently
+             * leave it disabled. */
             if (!AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
                                                 proto_name, ALPROTO_MODBUS,
                                                 0, sizeof(ModbusHeader),
                                                 ModbusProbingParser)) {
-                SCLogWarning(SC_ERR_MODBUS_CONFIG, "no Modbus TCP config found, "
-                                                "enabling Modbus detection on "
-                                                "port 502.");
-
-                AppLayerProtoDetectPPRegister(IPPROTO_TCP,
-                                              "502",
-                                              ALPROTO_MODBUS,
-                                              0, sizeof(ModbusHeader),
-                                              STREAM_TOSERVER,
-                                              ModbusProbingParser);
+                return;
             }
         }
 
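Review bot: The new `return;` after the failed AppLayerProtoDetectPPParseConfPorts() call turns Modbus inspection off without emitting any message. A sensor upgraded while keeping an older suricata.yaml with no Modbus section therefore stops inspecting port 502 with nothing in the log to show it. The removed SCLogWarning was the only signal on this path; a low-severity line before the return, such as `SCLogInfo("no Modbus detection ports configured, Modbus inspection is disabled");`, would keep the quiet default while leaving an audit trail. RegisterModbusParsers starts and ends outside the hunk, so whatever follows this block (presumably the parser registration) is also skipped by the early return. It is worth confirming that leaving through a bare `return;` does not break any function entry/exit tracing the file uses.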
index af54b5274dd57e733c7e0177ba7f7738e24f75be..a612fb25dedd813ecf3c73beb892ddd04ee338e7 100644 (file)
@@ -1171,7 +1171,7 @@ rule-files:
  - smtp-events.rules    # available in suricata sources under rules dir
  - dns-events.rules     # available in suricata sources under rules dir
  - tls-events.rules     # available in suricata sources under rules dir
- - modbus-events.rules  # available in suricata sources under rules dir
+# - modbus-events.rules  # available in suricata sources under rules dir
  - app-layer-events.rules  # available in suricata sources under rules dir
 
 classification-file: @e_sysconfdir@classification.config
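Review bot: The commented-out `modbus-events.rules` entry gives no hint that it belongs together with the `enabled: no` switch in the Modbus section under app-layer (the later hunk in this file). An operator who turns the parser on for an ICS segment can easily leave the event rules unloaded and get no alerts for malformed or flooding Modbus traffic. A documentation-only fix would do: change the trailing comment to something like `# - modbus-events.rules  # uncomment when modbus is enabled under app-layer`, and add `# Disabled by default; enable only where Modbus/TCP is expected, and load modbus-events.rules as well.` above `enabled: no`.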
@@ -1350,7 +1350,7 @@ app-layer:
       # If the limit is reached, app-layer-event:modbus.flooded; will match.
       #request-flood: 500
 
-      enabled: yes
+      enabled: no
       detection-ports:
         dp: 502
       # According to MODBUS Messaging on TCP/IP Implementation Guide V1.0b, it