Rule 2: apachessl

Preview:

[Full Size] [dot] [eps] [pdf]

Informations
Property	Value
States	4
Transitions	3
Static env size	14
Dynamic env size	3
Source	rules/apachessl.rule:17

State list
ID	Name	Line	Trans.	Action code
0	init	19	1	No action.
1	entropy_alert	26	1	0000: 05 187 \| pushfield [391] 0002: 03 00 \| pop [0] 0004: 05 188 \| pushfield [392] 0006: 03 01 \| pop [1] 0008: 04 02 \| pushstatic [2] 000a: 09 01 \| call [1] 000c: 00 \| end
2	ssl_error	39	1	0000: 04 06 \| pushstatic [6] 0002: 09 01 \| call [1] 0004: 00 \| end

Transision list
ID	Src	Dst	Evaluation bytecode
0	init (0)	entropy_alert (1)	0000: 05 186 \| pushfield [390] 0002: 04 00 \| pushstatic [0] 0004: 1f \| ceq 0005: 05 18a \| pushfield [394] 0007: 04 01 \| pushstatic [1] 0009: 1f \| ceq 000a: 00 \| end
1	entropy_alert (1)	ssl_error (2)	0000: 05 17f \| pushfield [383] 0002: 04 03 \| pushstatic [3] 0004: 1f \| ceq 0005: 05 17e \| pushfield [382] 0007: 04 04 \| pushstatic [4] 0009: 1f \| ceq 000a: 05 180 \| pushfield [384] 000c: 04 05 \| pushstatic [5] 000e: 1f \| ceq 000f: 05 183 \| pushfield [387] 0011: 02 00 \| push [0] 0013: 1f \| ceq 0014: 00 \| end
2	ssl_error (2)	ssl_alert (0)	0000: 05 17f \| pushfield [383] 0002: 04 07 \| pushstatic [7] 0004: 1f \| ceq 0005: 05 17e \| pushfield [382] 0007: 04 08 \| pushstatic [8] 0009: 1f \| ceq 000a: 05 180 \| pushfield [384] 000c: 04 09 \| pushstatic [9] 000e: 1f \| ceq 000f: 05 184 \| pushfield [388] 0011: 04 0a \| pushstatic [10] 0013: 1f \| ceq 0014: 00 \| end

Static environment
ID	Type	Value
0	str	RISING ALARM
1	int	443
2	str	entropy alert
3	str	mod_ssl
4	str	error
5	str	SSL handshake failed
6	str	SSL error
7	str	OpenSSL
8	str	error
9	str	error
10	str	1406908F
11	str	ssh root@10.0.0.100 '/sbin/iptables --append orchids --proto TCP --source-port 443 --destination
12	str	--destination-port
13	str	--jump DROP' &

Dynamic environment
ID	Variable name
0	$attacker
1	$port
2	$response

Synchronization environment
ID	Dyn Var ID	Variable name

Generated by Orchids. Thu Nov 10 19:00:07 2005