cschantz 07448e1136 CRITICAL FIX: Severity threshold off-by-one error (> should be >=) ...

Bug #5 (CRITICAL): Attack severity calculation used '>' instead of '>=',
causing off-by-one boundary conditions:

Before fix:
- total_syn=500 → severity=0 (should be 4!)
- total_syn=300 → severity=0 (should be 3!)
- total_syn=150 → severity=0 (should be 2!)
- total_syn=75 → severity=0 (should be 1!)

This means attacks at EXACTLY these critical thresholds were misclassified
as severity=0, resulting in:
- Wrong threshold (stays at 20 instead of 3-10)
- IPs not detected that should be
- Adaptive threshold not lowered properly

Fix: Change all conditions from > to >= to include boundary values:
- total_syn >= 500 → severity=4
- total_syn >= 300 → severity=3
- total_syn >= 150 → severity=2
- total_syn >= 75 → severity=1
- else → severity=0

Impact: Large-scale attacks at exact threshold counts now properly classified.

Example: Server with exactly 500 SYN connections
- Before: severity=0, threshold=20 (no detection)
- After: severity=4, threshold=3 (proper detection)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

2026-03-06 23:13:48 -05:00

..

backup

FIX: Remove unnecessary press_enter after step 5 dump failure

2026-02-27 21:56:26 -05:00

diagnostics

Fix AWK-UNINIT issues by initializing variables in BEGIN blocks

2026-02-07 02:49:57 -05:00

email

Standardize mail-log-analyzer.sh menu validation and colors

2026-02-17 18:41:11 -05:00

maintenance

Fix HIGH priority issues: paths, globs, deps, wordsplit

2026-01-02 17:21:19 -05:00

performance

Fix batch analyzer to flag domains needing optimization increases

2026-02-19 00:05:07 -05:00

security

CRITICAL FIX: Severity threshold off-by-one error (> should be >=)

2026-03-06 23:13:48 -05:00

website

CRITICAL FIX: Implement persistent menu loop returning to menu after operations

2026-03-05 21:59:41 -05:00