
hi_ad.c File Reference

This is the server anomaly module file. Looks for anomalous servers and other stuff. Still thinking about it.

#include <stdlib.h>
#include <sys/types.h>
#include "hi_ui_config.h"
#include "hi_return_codes.h"
#include "hi_eo_log.h"
#include "hi_si.h"


Functions

int hi_server_anomaly_detection (void *S, u_char *data, int dsize)


Detailed Description

This is the server anomaly module file. Looks for anomalous servers and other stuff. Still thinking about it.

Author:
Daniel Roelker <droelker@sourcefire.com>
NOTES:

Definition in file hi_ad.c.


Function Documentation

int hi_server_anomaly_detection (void *S, u_char *data, int dsize)

Inspect packet/streams for anomalous server detection and tunneling.

This really checks for anything that we want to look at for rogue HTTP servers, HTTP tunneling in unknown servers, and detection of sessions that are actually talking HTTP.

Parameters:
Session: pointer to the session; there is no server conf
data: unsigned char pointer to the payload/stream data
dsize: the size of the payload/stream data
Returns:
integer
Return values:
HI_SUCCESS: function successful

Definition at line 39 of file hi_ad.c.

References s_HTTPINSPECT_GLOBAL_CONF::anomalous_servers, s_HI_SESSION::global_conf, GlobalConf, HI_EO_ANOM_SERVER, hi_eo_anom_server_event_log(), HI_INVALID_ARG, HI_SUCCESS, and NULL.

Referenced by hi_mi_mode_inspection().


Generated on Sun May 14 14:51:24 2006 by  doxygen 1.4.2