Project

General

Profile

Actions
Copy link

Feature #6374

closed
GL GL

sip: add sticky buffers for headers

Feature #6374: sip: add sticky buffers for headers

Added by Giuseppe Longo over 2 years ago. Updated 12 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Giuseppe Longo
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

A common attack on sip servers consists of putting SQL injection or JS code into request headers.
Implementing sticky buffers that inspects on headers will permit to detect those attacks.

I propose to start adding keywords for the following fields:

- Via
- From
- To
- User-agent
- Content-type
- Content-length

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
 #1

  • Target version changed from 8.0.0 to 8.0.0-beta1

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
 #2

  • Status changed from New to In Progress

https://github.com/OISF/suricata/pull/10839

Why not a generic sip.request_header keyword ? whose buffer would be name+value like http.request_header

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
 #3

  • Status changed from In Progress to In Review

BM Updated by Brandon Murphy almost 2 years ago Actions
Copy link
 #4

Philippe Antoine wrote in #note-2:

Why not a generic sip.request_header keyword ? whose buffer would be name+value like http.request_header

Sometimes the inclusion of the header name requires different content logic that is cumbersome. Perhaps sip would be a good target for initial implementation of dynamic sticky buffers as mentioned in #5775?

GL Updated by Giuseppe Longo over 1 year ago Actions
Copy link
 #5

  • Status changed from In Review to Closed

VJ Updated by Victor Julien 12 months ago Actions
Copy link
 #6

  • Subject changed from Sticky buffers for sip headers to sip: add sticky buffers for headers
Actions
Copy link

Also available in: PDF Atom