Project

General

Profile

Actions
Copy link

Feature #4249

open

SS7 Protocol Support

Added by Simon Dugas over 3 years ago. Updated over 3 years ago.

Status:
Assigned
Priority:
Normal
Assignee:
Simon Dugas
Target version:
TBD
Effort:
medium
Difficulty:
medium
Label:
Protocol

Description

Add support for TCAP/MAP Signalling System 7 (SS7) protocols transported on the SIGTRAN stack:

IP / SCTP / MTP2 / MTP3 / SCCP / TCAP / MAP

This includes EVE logging and detection keywords.

Addressing schemes in this stack:
- IP address & SCTP port may not be useful for signatures
- Add support for Point Code (MTP3) & Subsystem Number (SCCP)
- Add support for Global Title (SCCP)

Fields useful as detection keywords:
- Message Type (TCAP)
- Operation Code (MAP)
- Other arguments specific to op codes (MAP)

Keep in mind the various protocol standards, ANSI MAP is different from GSM MAP (ITU).

Resources
  • All: ITU-T Q.700–Q.849 Series for SS7
  • TCAP: ITU-T Q.771-Q.775 or ANSI T1.114
  • MAP: 3GPP TS 29.002 or 3GPP2 X.S0004

Related issues 2 (2 open0 closed)

Related to Suricata - Task #4251: protocol: SCTP supportNewActions
Related to Suricata - Task #3299: Tracking: Add support for industrial protocolNewCommunity TicketActions
Actions
Copy link
 #1

Updated by Victor Julien over 3 years ago

  • Status changed from New to Assigned
  • Label Protocol added

Suricata's SCTP support is currently rather minimal. Is that enough for your use case or are you also planning improvements to SCTP?

Actions
Copy link
 #2

Updated by Simon Dugas over 3 years ago

We are planning to extend support and at the least at session tracking.

Actions
Copy link
 #3

Updated by Victor Julien over 3 years ago

  • Related to Task #4251: protocol: SCTP support added
Actions
Copy link
 #4

Updated by Jason Ish 6 months ago

  • Related to Task #3299: Tracking: Add support for industrial protocol added
Actions
Copy link

Also available in: Atom PDF