Project

General

Profile

Actions

Feature #650

closed

add support for libhtp event request port doesn't match tcp port

Added by Victor Julien about 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

libhtp detects if port specified in uri or host hdr doesn't match the actual tcp server port.

Actions #1

Updated by Victor Julien about 12 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Fixed by:

commit 9f519e95a275e478051c6f270caced2e93541acf
Author: Victor Julien <victor@inliniac.net>
Date:   Fri Nov 23 10:56:22 2012 +0100

    http: add event for libhtp detection of request port not matching tcp port.

Added:

# Warn when the port in the Host: header doesn't match the actual TCP Server port.
alert http any any -> any any (msg:"SURICATA HTTP request server port doesn't match TCP port"; flow:established,to_server; app-layer-event:http.request_server_port_tcp_port_mismatch; flowint:http.anomaly.count,+,1; classtype:protocol-
command-decode; sid:2221026; rev:1;)

Actions

Also available in: Atom PDF