Feature #6374: Sticky buffers for sip headers - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #6374

open

Sticky buffers for sip headers

Added by Giuseppe Longo 7 months ago. Updated 11 days ago.

Status:

In Progress

Priority:

Normal

Assignee:

Giuseppe Longo

Target version:

8.0.0-beta1

Effort:

Difficulty:

Label:

Description

A common attack on sip servers consists of putting SQL injection or JS code into request headers.
Implementing sticky buffers that inspects on headers will permit to detect those attacks.

I propose to start adding keywords for the following fields:

- Via
- From
- To
- User-agent
- Content-type
- Content-length

History
Notes
Property changes

Actions

Copy link

Updated by Victor Julien 6 months ago

Target version changed from 8.0.0 to 8.0.0-beta1

Actions

Copy link

Updated by Philippe Antoine 11 days ago

Status changed from New to In Progress

https://github.com/OISF/suricata/pull/10839

Why not a generic sip.request_header keyword ? whose buffer would be name+value like http.request_header

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #6374

Sticky buffers for sip headers

Updated by Victor Julien 6 months ago

Updated by Philippe Antoine 11 days ago