Project

General

Custom queries

Profile

Actions
Copy link

Task #7742

open

ftp: trigger raw stream inspection

Added by Shivani Bhardwaj 15 days ago.

Status:
New
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
9.0.0-beta1
Effort:
Difficulty:
high
Label:

Description

For application layer protocols over TCP that have transactions, we need to trigger stream inspection once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).

FTP is likely the only missing protocol with this change because the raw inspection changes triggered IRC alerts. ref: https://github.com/OISF/suricata/pull/13303#issuecomment-2911424769

Related issues 3 (2 open1 closed)

Related to Suricata - Task #7026: app-protos: trigger raw stream inspectionResolvedShivani BhardwajActions
Related to Suricata - Bug #7004: app-layer: wrong tx may be logged for stream rulesClosedShivani BhardwajActions
Blocked by Suricata - Bug #2978: IRC traffic parsed by FTPIn ProgressPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Shivani Bhardwaj 15 days ago

  • Blocked by Bug #2978: IRC traffic parsed by FTP added
Actions
Copy link
 #2

Updated by Shivani Bhardwaj 15 days ago

  • Related to Task #7026: app-protos: trigger raw stream inspection added
Actions
Copy link
 #3

Updated by Shivani Bhardwaj 15 days ago

  • Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added
Actions
Copy link
 #4

Updated by Shivani Bhardwaj 15 days ago

  • Copied to Task #7743: http: trigger raw stream inspection added
Actions
Copy link
 #5

Updated by Shivani Bhardwaj 15 days ago

  • Copied to deleted (Task #7743: http: trigger raw stream inspection)
Actions
Copy link

Also available in: Atom PDF