src / preprocessors / HttpInspect / anomaly_detection

hi_ad.c File Reference

This is the server anomaly module file. Looks for anomalous servers and other stuff. Still thinking about it. More...

#include <stdlib.h>
#include <sys/types.h>
#include "hi_ui_config.h"
#include "hi_return_codes.h"
#include "hi_eo_log.h"
#include "hi_si.h"

Go to the source code of this file.

Functions

int hi_server_anomaly_detection (void *S, u_char *data, int dsize)

Detailed Description

This is the server anomaly module file. Looks for anomalous servers and other stuff. Still thinking about it.

Author:: Daniel Roelker <droelker@sourcefire.com>

NOTES:

3.2.03: Initial development. DJR

Definition in file hi_ad.c.

Function Documentation

int hi_server_anomaly_detection ( void * S,

u_char * data,

int dsize

)

Inspect packet/streams for anomalous server detection and tunneling.
This really checks for anything that we want to look at for rogue HTTP servers, HTTP tunneling in unknown servers, and detection of sessions that are actually talking HTTP.

Parameters:

Session pointer to the session there is no server conf

data unsigned char to payload/stream data

dsize the size of the payload/stream data

Returns:
integer

Return values:

HI_SUCCESS function successful

Definition at line 39 of file hi_ad.c.
References s_HTTPINSPECT_GLOBAL_CONF::anomalous_servers, s_HI_SESSION::global_conf, GlobalConf, HI_EO_ANOM_SERVER, hi_eo_anom_server_event_log(), HI_INVALID_ARG, HI_SUCCESS, and NULL.
Referenced by hi_mi_mode_inspection().

Generated on Sun May 14 14:51:24 2006 by

1.4.2


Functions
int	hi_server_anomaly_detection (void S, u_char data, int dsize)