Task #7742: ftp: trigger raw stream inspection - Suricata - Open Information Security Foundation

Actions

Copy link

Task #7742

open

ftp: trigger raw stream inspection

Added by Shivani Bhardwaj 2 months ago.

Status:

New

Priority:

Normal

Assignee:

Shivani Bhardwaj

Target version:

9.0.0-beta1

Effort:

Difficulty:

high

Label:

Description

For application layer protocols over TCP that have transactions, we need to trigger stream inspection once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).

FTP is likely the only missing protocol with this change because the raw inspection changes triggered IRC alerts. ref: https://github.com/OISF/suricata/pull/13303#issuecomment-2911424769

Related issues 3 (1 open — 2 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Related to Suricata - Task #7026: app-protos: trigger raw stream inspection	Resolved	Shivani Bhardwaj	Actions
Related to Suricata - Bug #7004: app-layer: wrong tx may be logged for stream rules	Closed	Shivani Bhardwaj	Actions
Blocked by Suricata - Bug #2978: IRC traffic parsed by FTP	Closed	Philippe Antoine	Actions

Project

General

Profile

Suricata

Custom queries

Task #7742

ftp: trigger raw stream inspection

Updated by Shivani Bhardwaj 2 months ago

Updated by Shivani Bhardwaj 2 months ago

Updated by Shivani Bhardwaj 2 months ago

Updated by Shivani Bhardwaj 2 months ago

Updated by Shivani Bhardwaj 2 months ago