Project

General

Profile

Actions

Feature #6374

open

Sticky buffers for sip headers

Added by Giuseppe Longo 7 months ago. Updated 7 days ago.

Status:
In Progress
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

A common attack on sip servers consists of putting SQL injection or JS code into request headers.
Implementing sticky buffers that inspects on headers will permit to detect those attacks.

I propose to start adding keywords for the following fields:

- Via
- From
- To
- User-agent
- Content-type
- Content-length

Actions #1

Updated by Victor Julien 6 months ago

  • Target version changed from 8.0.0 to 8.0.0-beta1
Actions #2

Updated by Philippe Antoine 7 days ago

  • Status changed from New to In Progress

https://github.com/OISF/suricata/pull/10839

Why not a generic sip.request_header keyword ? whose buffer would be name+value like http.request_header

Actions

Also available in: Atom PDF