From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: [PATCH v2 3/3] suricata: Drop parsers I have never heard of
Date: Sat, 02 Mar 2019 17:18:39 +0000
Message-ID: <20190302171839.16341-3-michael.tremer@ipfire.org>
In-Reply-To: <20190302171839.16341-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6811681847452862393=="
List-Id:
--===============6811681847452862393==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Signed-off-by: Michael Tremer
---
 config/suricata/suricata.yaml | 34 ----------------------------------
 1 file changed, 34 deletions(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 84c4aa2a7..8b4ab8c3b 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -257,40 +257,6 @@ app-layer:
 double-decode-path: no
 double-decode-query: no
=20
- # Note: Modbus probe parser is minimalist due to the poor significant fi= eld
- # Only Modbus message length (greater than Modbus header length)
- # And Protocol ID (equal to 0) are checked in probing parser
- # It is important to enable detection port and define Modbus port
- # to avoid false positive
- modbus:
- # How many unreplied Modbus requests are considered a flood.
- # If the limit is reached, app-layer-event:modbus.flooded; will match.
- #request-flood: 500
-
- enabled: no
- detection-ports:
- dp: 502
- # According to MODBUS Messaging on TCP/IP Implementation Guide V1.0b, = it
- # is recommended to keep the TCP connection opened with a remote device
- # and not to open and close it for each MODBUS/TCP transaction. In that
- # case, it is important to set the depth of the stream reassembling as
- # unlimited (stream.reassembly.depth: 0)
-
- # Stream reassembly size for modbus. By default track it completely.
- stream-depth: 0
-
- # DNP3
- dnp3:
- enabled: no
- detection-ports:
- dp: 20000
-
- # SCADA EtherNet/IP and CIP protocol support
- enip:
- enabled: no
- detection-ports:
- dp: 44818
- sp: 44818
=20
 # Limit for the maximum number of asn1 frames to decode (default 256)
 asn1-max-frames: 256
--=20
2.12.2
--===============6811681847452862393==--