Project

General

Profile

Actions

Feature #1125

open

smtp: improve protocol detection

Added by Victor Julien over 9 years ago. Updated 4 months ago.

Status:
In Review
Priority:
Low
Target version:
Effort:
Difficulty:
Label:

Description

Currently SMTP is only detected if the client starts the conversation with HELO, EHLO or QUIT.

The server stream is not used for protocol detection.


Related issues 4 (2 open2 closed)

Related to Bug #2978: IRC traffic parsed by FTPNewPhilippe AntoineActions
Related to Feature #2757: improve protocol detectionIn ReviewPhilippe AntoineActions
Blocked by Feature #2572: extend protocol detection to specify flow directionClosedVictor JulienActions
Blocked by Bug #5769: Incomplete values for .stats."app_layer".flow.protoClosedPhilippe AntoineActions
Actions #1

Updated by Victor Julien over 7 years ago

  • Target version changed from 3.0RC2 to 70
Actions #2

Updated by Victor Julien almost 5 years ago

  • Assignee changed from Tom DeCanio to OISF Dev
Actions #3

Updated by Victor Julien almost 5 years ago

  • Blocked by Feature #2572: extend protocol detection to specify flow direction added
Actions #4

Updated by Victor Julien over 4 years ago

  • Priority changed from Normal to High
Actions #5

Updated by Victor Julien over 4 years ago

Actions #6

Updated by Victor Julien over 4 years ago

  • Priority changed from High to Normal
  • Target version changed from 70 to 5.0beta1
Actions #7

Updated by Victor Julien over 4 years ago

  • Priority changed from Normal to High
Actions #8

Updated by Victor Julien over 4 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Philippe Antoine
  • Priority changed from High to Normal
Actions #9

Updated by Victor Julien about 4 years ago

  • Target version changed from 5.0beta1 to 5.0rc1
Actions #10

Updated by Philippe Antoine about 4 years ago

  • Related to Bug #2978: IRC traffic parsed by FTP added
Actions #11

Updated by Victor Julien over 3 years ago

  • Target version changed from 5.0rc1 to 6.0.0beta1
Actions #12

Updated by Philippe Antoine over 3 years ago

Actions #13

Updated by Philippe Antoine over 3 years ago

Actions #14

Updated by Philippe Antoine about 3 years ago

  • Status changed from Assigned to Feedback

Waiting first for feedback on other related tickets

Actions #16

Updated by Victor Julien almost 3 years ago

  • Target version changed from 6.0.0beta1 to 7.0.0-beta1
Actions #17

Updated by Philippe Antoine 12 months ago

Both FTP and SMTP start with 220 from server (followed by either space or hyphen)

For SMTP, it is then supposed to be a valid domain name.
But there is no restriction for FTP

There can be (E)SMTP or FTP in the banner...

We can use the ports.

And we can maybe mark this detection as weak, so that client side detection overrides it...

Actions #18

Updated by Philippe Antoine 12 months ago

  • Status changed from Feedback to In Review
Actions #19

Updated by Philippe Antoine 11 months ago

Actions #20

Updated by Philippe Antoine 11 months ago

Actions #21

Updated by Philippe Antoine 9 months ago

  • Priority changed from Normal to Low
Actions #22

Updated by Victor Julien 8 months ago

  • Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Actions #23

Updated by Philippe Antoine 6 months ago

  • Blocked by Bug #5769: Incomplete values for .stats."app_layer".flow.proto added
Actions #24

Updated by Victor Julien 4 months ago

  • Target version changed from 7.0.0-rc1 to 8.0.0-beta1
Actions

Also available in: Atom PDF