Feature #4249
Task #7118: tracking: add support for new protocols
Task #3299: tracking: Add support for industrial protocol
ics protocol: SS7 Protocol Support
Description
Add support for TCAP/MAP Signalling System 7 (SS7) protocols transported on the SIGTRAN stack:
IP / SCTP / MTP2 / MTP3 / SCCP / TCAP / MAP
This includes EVE logging and detection keywords.
Addressing schemes in this stack:
- IP address & SCTP port may not be useful for signatures
- Add support for Point Code (MTP3) & Subsystem Number (SCCP)
- Add support for Global Title (SCCP)
Fields useful as detection keywords:
- Message Type (TCAP)
- Operation Code (MAP)
- Other arguments specific to op codes (MAP)
Keep in mind the various protocol standards, ANSI MAP is different from GSM MAP (ITU).
Resources:
- All: ITU-T Q.700–Q.849 Series for SS7
- TCAP: ITU-T Q.771-Q.775 or ANSI T1.114
- MAP: 3GPP TS 29.002 or 3GPP2 X.S0004
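
Added example (not part of the original ticket and not Suricata code): a small Rust walker that extracts the two fields proposed above as keywords, the TCAP message type and the local operation code of each Invoke component, from an ITU-T TCAP message. The function names and the sample bytes are constructed for this example; ANSI T1.114 TCAP uses different tags and is not handled.

```rust
// Added example, not Suricata code. Constructed sample: TCAP Begin, one Invoke, opCode 2.
const SAMPLE: [u8; 20] = [
    0x62, 0x12, 0x48, 0x04, 0x00, 0x00, 0x00, 0x01, // Begin, originating transaction ID
    0x6c, 0x0a, 0xa1, 0x08, 0x02, 0x01, 0x01, // component portion, Invoke, invokeID
    0x02, 0x01, 0x02, 0x30, 0x00, // local opCode, empty parameter
];

/// Read one BER TLV (single-byte tag, definite length): (tag, value, rest).
fn tlv(buf: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = buf.split_first()?;
    let (&l0, mut rest) = rest.split_first()?;
    let mut len = l0 as usize;
    if l0 & 0x80 != 0 {
        let n = (l0 & 0x7f) as usize; // long form: n length octets follow
        if n == 0 || n > 2 || rest.len() < n { return None; }
        len = rest[..n].iter().fold(0, |a, &b| (a << 8) | b as usize);
        rest = &rest[n..];
    }
    if rest.len() < len { return None; } // truncated value
    Some((tag, &rest[..len], &rest[len..]))
}

/// TCAP message type plus the local operation code of every Invoke component.
fn parse_tcap(msg: &[u8]) -> Option<(&'static str, Vec<i64>)> {
    let (tag, mut body, _) = tlv(msg)?;
    let mtype = match tag {
        0x61 => "unidirectional", 0x62 => "begin", 0x64 => "end",
        0x65 => "continue", 0x67 => "abort", _ => return None,
    };
    let mut ops = Vec::new();
    while !body.is_empty() {
        let (t, mut comps, rest) = tlv(body)?;
        body = rest;
        if t != 0x6c { continue; } // skip transaction IDs and dialogue portion
        while !comps.is_empty() {
            let (ct, comp, rest) = tlv(comps)?;
            comps = rest;
            if ct != 0xa1 { continue; } // only Invoke names the requested operation
            let (_, _, after_id) = tlv(comp)?; // invokeID
            let (mut ot, mut ov, after) = tlv(after_id)?;
            if ot == 0x80 { let x = tlv(after)?; ot = x.0; ov = x.1; } // optional linkedID
            if ot == 0x02 && !ov.is_empty() && ov.len() <= 8 {
                let seed = if ov[0] & 0x80 != 0 { -1i64 } else { 0 };
                ops.push(ov.iter().fold(seed, |a, &b| (a << 8) | b as i64));
            }
        }
    }
    Some((mtype, ops))
}

fn main() { println!("{:?}", parse_tcap(&SAMPLE)); }
```

Truncated or non-TCAP input returns `None` rather than a partial result, so a caller can count it as a decode failure instead of silently skipping it.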
Updated by Victor Julien about 5 years ago
- Status changed from New to Assigned
- Label Protocol added
Suricata's SCTP support is currently rather minimal. Is that enough for your use case or are you also planning improvements to SCTP?
Updated by Simon Dugas about 5 years ago
We are planning to extend support and at the least add session tracking.
Updated by Victor Julien about 5 years ago
- Related to Task #4251: protocol: SCTP support added
Updated by Jason Ish over 2 years ago
- Related to Task #3299: tracking: Add support for industrial protocol added
Updated by Jason Ish 4 months ago
- Related to Task #8123: Suricon 2025 Brainstorm added
Updated by Victor Julien 4 months ago
- Subject changed from SS7 Protocol Support to ics protocol: SS7 Protocol Support
Updated by Victor Julien 4 months ago
- Parent task set to #3299