Project

General

Profile

Actions
Copy link

Feature #273

open
VJ CT

IRC protocol detection support

Feature #273: IRC protocol detection support

Added by Victor Julien about 15 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Effort:
medium
Difficulty:
medium
Label:
Protocol

Description

Support IRC in the protocol detection module so we can write rules like:
alert irc ....

Related issues 5 (3 open2 closed)

Related to Suricata - Task #2757: improve protocol detectionIn ReviewPhilippe AntoineActions
Related to Suricata - Bug #2978: IRC traffic parsed by FTPClosedPhilippe AntoineActions
Related to Suricata - Task #4151: Research: New protocol supportNewCommunity TicketActions
Related to Suricata - Task #4097: Suricon 2020 brainstormAssignedVictor JulienActions
Blocked by Suricata - Feature #2572: extend protocol detection to specify flow directionClosedVictor JulienActions

VJ Updated by Victor Julien almost 15 years ago Actions
Copy link
 #1

  • Target version changed from 1.1beta2 to 1.1beta3

VJ Updated by Victor Julien almost 15 years ago Actions
Copy link
 #2

  • Due date set to 04/29/2011
  • Assignee changed from Victor Julien to Anoop Saldanha
  • Estimated time set to 6.00 h

Anoop can you create a "probing parser" on top of task 209? Thanks!

AS Updated by Anoop Saldanha almost 15 years ago Actions
Copy link
 #3

Victor Julien wrote:

Anoop can you create a "probing parser" on top of task 209? Thanks!

cool

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
 #4

  • Target version changed from 1.1beta3 to 1.2

Retargeting to version 1.2 as some interaction issues with the ftp parser need to be addressed first.

VJ Updated by Victor Julien about 14 years ago Actions
Copy link
 #5

  • Target version changed from 1.2 to TBD

AH Updated by Andreas Herz over 9 years ago Actions
Copy link
 #6

  • Assignee changed from Anoop Saldanha to OISF Dev

Is this still a thing to have dedicated IRC rules? :)

VJ Updated by Victor Julien almost 8 years ago Actions
Copy link
 #7

  • Status changed from Assigned to New
  • Assignee deleted (OISF Dev)
  • Effort set to medium
  • Difficulty set to medium

This depends on protocol detection improvements. Right now patterns for ftp, smtp, and irc would be too similar and the proto detection is too dumb.

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
 #8

  • Blocked by Feature #2572: extend protocol detection to specify flow direction added

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
 #9

  • Related to Task #2757: improve protocol detection added

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
 #10

  • Assignee set to Community Ticket

VJ Updated by Victor Julien almost 7 years ago Actions
Copy link
 #11

  • Related to Bug #2978: IRC traffic parsed by FTP added

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #12

  • Related to Task #4151: Research: New protocol support added

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #13

  • Related to Task #4097: Suricon 2020 brainstorm added

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #14

  • Label Protocol added
Actions
Copy link

Also available in: PDF Atom