From: Jason Ish
Date: Thu, 3 Dec 2015 21:40:08 +0000 (-0600)
Subject: modbus: disable by default
X-Git-Tag: suricata-3.0RC2~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d87a60f3cc87d346a9b1e04ff133dfed6e9f7cbe;p=thirdparty%2Fsuricata.git

modbus: disable by default
---
diff --git a/src/app-layer-modbus.c b/src/app-layer-modbus.c
index fa965135d3..2d2cdc3d2e 100644
--- a/src/app-layer-modbus.c
+++ b/src/app-layer-modbus.c
@@ -1427,21 +1427,13 @@ void RegisterModbusParsers(void)
 STREAM_TOSERVER, ModbusProbingParser);
 } else {
- /* if we have no config, we enable the default port 502 */
+ /* If there is no app-layer section for Modbus, silently
+ * leave it disabled. */
 if (!AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP, proto_name, ALPROTO_MODBUS, 0, sizeof(ModbusHeader), ModbusProbingParser)) {
- SCLogWarning(SC_ERR_MODBUS_CONFIG, "no Modbus TCP config found, "
- "enabling Modbus detection on "
- "port 502.");
-
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "502",
- ALPROTO_MODBUS,
- 0, sizeof(ModbusHeader),
- STREAM_TOSERVER,
- ModbusProbingParser);
+ return;
 }
 }
diff --git a/suricata.yaml.in b/suricata.yaml.in
index af54b5274d..a612fb25de 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1171,7 +1171,7 @@ rule-files:
  - smtp-events.rules # available in suricata sources under rules dir
  - dns-events.rules # available in suricata sources under rules dir
  - tls-events.rules # available in suricata sources under rules dir
- - modbus-events.rules # available in suricata sources under rules dir
+# - modbus-events.rules # available in suricata sources under rules dir
  - app-layer-events.rules # available in suricata sources under rules dir
 classification-file: @e_sysconfdir@classification.config
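Review bot: The new `return;` in the `else` branch of RegisterModbusParsers replaces the only log line on this path, so a sensor whose configuration has no Modbus app-layer section no longer registers the port 502 probing parser and gives the operator no indication of it. On an IDS a silent change in protocol coverage deserves one low-severity message; consider `SCLogInfo("no Modbus TCP config found, Modbus detection disabled.");` before the `return;`. The function starts and ends outside the hunk, so please confirm that nothing after this block is still expected to run once the early return is taken. Also check whether `SC_ERR_MODBUS_CONFIG` still has a user elsewhere.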
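Review bot: Nothing in the template tells an operator that this rule file and the Modbus parser switch belong together. The `# - modbus-events.rules` entry under `rule-files:` is commented out here and the later hunk at -1350 sets `enabled: no` for Modbus, presumably because the event rules depend on the parser being active. A short comment above the commented-out entry would prevent a half-enabled setup, for example `# Uncomment only when the modbus app-layer parser is enabled (app-layer section below).`. The `enabled: no` line in the -1350 hunk would benefit from a matching pointer back to this rule file.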
@@ -1350,7 +1350,7 @@ app-layer:
 # If the limit is reached, app-layer-event:modbus.flooded; will match.
 #request-flood: 500
- enabled: yes
+ enabled: no
 detection-ports:
 dp: 502 # According to MODBUS Messaging on TCP/IP Implementation Guide V1.0b, it