[Oisf-users] SCTP protocol support
Eric Leblond
eric at regit.org
Tue May 14 09:52:50 UTC 2013
Hello,
Le mardi 14 mai 2013 à 10:46 +0100, marwane azzouzi a écrit :
> Hello,
>
> I'm using Suricata 1.4.1 to detect intrusion in my network and
> noticed a promising capacity of detection that your product offers.
> Thank you ;)
>
>
> I still have questions about the support of the SCTP protocol by
> Suricata in a mobile context (SIGTRAN). I see that you made a patch
> for that purpose but I could'nt find more information about this
> point!
SCTP support is really basic in Suricata. It is just able to decode the
port and it knows the protocol. So you can write alerts like:
alert sctp any any -> any 2567 (...)
There is no support for flow tracking and for the "multiple link per
session thing" of SCTP.
BR,
--
Eric
>
> Any help?
>
>
> thx
>
>
> Marwane
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130514/774d09d5/attachment.sig>
More information about the Oisf-users
mailing list