Feature #4249

open

SS7 Protocol Support

Added by Simon Dugas about 3 years ago. Updated about 3 years ago.

Status: Assigned
Priority: Normal
Assignee:
Target version:
Effort: medium
Difficulty: medium
Label: Protocol

Description

Add support for TCAP/MAP Signalling System 7 (SS7) protocols transported on the SIGTRAN stack:

IP / SCTP / MTP2 / MTP3 / SCCP / TCAP / MAP

This includes EVE logging and detection keywords.

Addressing schemes in this stack:
- IP address & SCTP port may not be useful for signatures
- Add support for Point Code (MTP3) & Subsystem Number (SCCP)
- Add support for Global Title (SCCP)

Fields useful as detection keywords:
- Message Type (TCAP)
- Operation Code (MAP)
- Other arguments specific to op codes (MAP)

Keep in mind the various protocol standards: ANSI MAP is different from GSM MAP (ITU).

Resources
- All: ITU-T Q.700–Q.849 Series for SS7
- TCAP: ITU-T Q.771–Q.775 or ANSI T1.114
- MAP: 3GPP TS 29.002 or 3GPP2 X.S0004
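
The two fields listed above as detection keywords, TCAP Message Type and MAP Operation Code, can be read with a small BER walk. This is an added example, not Suricata code or part of the original ticket; the function names and the sample bytes are constructed, and it covers only ITU TCAP with a local operation code (ANSI T1.114 uses a different encoding and is not handled).

```rust
// Added example (not Suricata code); all names and SAMPLE are constructed.
/// Read one BER TLV (single-byte tag, definite length) -> (tag, value, rest).
fn tlv(buf: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = buf.split_first()?;
    let (&l0, mut rest) = rest.split_first()?;
    let mut len = l0 as usize;
    if l0 & 0x80 != 0 {
        let n = (l0 & 0x7f) as usize; // long form: n length octets follow
        if n == 0 || n > 2 || rest.len() < n { return None; }
        len = rest[..n].iter().fold(0, |a, &b| (a << 8) | b as usize);
        rest = &rest[n..];
    }
    if rest.len() < len { return None; } // truncated value
    Some((tag, &rest[..len], &rest[len..]))
}

/// Local operation code of the first Invoke in a Component Portion.
fn invoke_opcode(components: &[u8]) -> Option<u8> {
    let (tag, mut inv, _) = tlv(components)?;
    if tag != 0xa1 { return None; } // 0xA1 = Invoke
    let mut seen_invoke_id = false;
    while let Some((t, v, rest)) = tlv(inv) {
        match (t, seen_invoke_id) {
            (0x02, false) => seen_invoke_id = true, // Invoke ID
            (0x80, true) => {}                      // optional Linked ID
            (0x02, true) if v.len() == 1 => return Some(v[0]), // opcode
            _ => return None,
        }
        inv = rest;
    }
    None
}

/// Returns (TCAP message type, MAP opcode if an Invoke is present).
fn tcap_map_fields(msg: &[u8]) -> Option<(&'static str, Option<u8>)> {
    let (tag, mut body, _) = tlv(msg)?;
    let mtype = match tag {
        0x61 => "Unidirectional", 0x62 => "Begin", 0x64 => "End",
        0x65 => "Continue", 0x67 => "Abort", _ => return None,
    };
    while let Some((t, v, rest)) = tlv(body) {
        if t == 0x6c { return Some((mtype, invoke_opcode(v))); } // Component Portion
        body = rest;
    }
    Some((mtype, None))
}
// Constructed: Begin, OTID 00000001, Invoke(id=1, opcode=45 sendRoutingInfoForSM).
const SAMPLE: [u8; 20] = [0x62, 0x12, 0x48, 0x04, 0, 0, 0, 1, 0x6c, 0x0a,
    0xa1, 0x08, 0x02, 0x01, 0x01, 0x02, 0x01, 0x2d, 0x30, 0x00];
fn main() { println!("{:?}", tcap_map_fields(&SAMPLE)); }
```

The input is the TCAP payload only, after the SCCP layer has been removed; truncated or unrecognised input yields `None` rather than a partial result.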

Related issues 2 (2 open, 0 closed)

- Related to Suricata - Task #4251: protocol: SCTP support (New)
- Related to Suricata - Task #3299: Tracking: Add support for industrial protocol (New, Community Ticket)