Feature #6374: Sticky buffers for sip headers - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #6374

open

Sticky buffers for sip headers

Added by Giuseppe Longo 8 months ago. Updated 25 days ago.

Status:

In Progress

Priority:

Normal

Assignee:

Giuseppe Longo

Target version:

8.0.0-beta1

Effort:

Difficulty:

Label:

Description

A common attack on sip servers consists of putting SQL injection or JS code into request headers.
Implementing sticky buffers that inspects on headers will permit to detect those attacks.

I propose to start adding keywords for the following fields:

- Via
- From
- To
- User-agent
- Content-type
- Content-length

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #6374

Sticky buffers for sip headers

Updated by Victor Julien 6 months ago

Updated by Philippe Antoine 25 days ago