[Oisf-users] SCTP protocol support

Eric Leblond eric at regit.org
Tue May 14 09:52:50 UTC 2013


Hello,

Le mardi 14 mai 2013 à 10:46 +0100, marwane azzouzi a écrit :
> Hello, 
> 
> I'm using Suricata 1.4.1 to detect intrusion in my network and
>  noticed a promising capacity of detection that your product offers.
> Thank you ;)
> 
> 
> I still have  questions about the support of the SCTP protocol by
> Suricata in a mobile context (SIGTRAN). I see that you made a patch
> for that purpose but I could'nt find more information about this
> point!

SCTP support is really basic in Suricata. It is just able to decode the
port and it knows the protocol. So you can write alerts like:

alert sctp any any -> any 2567 (...)

There is no support for flow tracking and for the "multiple link per
session thing" of SCTP.

BR,
--
Eric


> 
> Any help?
> 
> 
> thx
> 
> 
> Marwane
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130514/774d09d5/attachment.sig>


More information about the Oisf-users mailing list