Feature #273
open
IRC protocol detection support
Added by Victor Julien about 13 years ago.
Updated over 3 years ago.
Description
Support IRC in the protocol detection module so we can write rules like:
alert irc ....
- Target version changed from 1.1beta2 to 1.1beta3
- Due date set to 04/29/2011
- Assignee changed from Victor Julien to Anoop Saldanha
- Estimated time set to 6.00 h
Anoop, can you create a "probing parser" on top of task 209? Thanks!
Victor Julien wrote:
Anoop, can you create a "probing parser" on top of task 209? Thanks!
cool
- Target version changed from 1.1beta3 to 1.2
Retargeting to version 1.2 as some interaction issues with the ftp parser need to be addressed first.
- Target version changed from 1.2 to TBD
- Assignee changed from Anoop Saldanha to OISF Dev
Is this still a thing to have dedicated IRC rules? :)
- Status changed from Assigned to New
- Assignee deleted (OISF Dev)
- Effort set to medium
- Difficulty set to medium
This depends on protocol detection improvements. Right now patterns for ftp, smtp, and irc would be too similar and the proto detection is too dumb.
- Blocked by Feature #2572: extend protocol detection to specify flow direction added
- Assignee set to Community Ticket
- Related to Bug #2978: IRC traffic parsed by FTP added
- Related to Task #4151: Research: New protocol support added
- Related to Task #4097: Suricon 2020 brainstorm added