Actions
Feature #6374
openSticky buffers for sip headers
Effort:
Difficulty:
Label:
Description
A common attack on sip servers consists of putting SQL injection or JS code into request headers.
Implementing sticky buffers that inspects on headers will permit to detect those attacks.
I propose to start adding keywords for the following fields:
- Via
- From
- To
- User-agent
- Content-type
- Content-length
Updated by Victor Julien 6 months ago
- Target version changed from 8.0.0 to 8.0.0-beta1
Updated by Philippe Antoine 11 days ago
- Status changed from New to In Progress
https://github.com/OISF/suricata/pull/10839
Why not a generic sip.request_header keyword ? whose buffer would be name+value like http.request_header
Actions