[Oisf-users] HTTP Stateful parsing

Cooper F. Nelson cnelson at ucsd.edu
Thu Oct 27 22:48:56 UTC 2016


HTTP is stateless at layer 7.

TCP is stateful at layer 5.  That's what Suricata is tracking.

Stateful detection is very important; otherwise it would be easy for
attackers to create fake TCP alerts by spoofing source addresses.

-Coop

On 10/27/2016 12:38 AM, Vishal Kotalwar wrote:
> Hi All,
> 
>     HTTP is a stateless protocol, so I would like to know why
> Suricata has stateful parsing and how it helps Suricata in better
> detection?


-- 
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
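
The point made in the reply above, shown as an added example that is not part of the original thread and is not Suricata code: a content match evaluated per packet fires on a single spoofed segment, while the same match gated on a completed three-way handshake does not. The `Pkt` type, the signature string and the sample packets are constructed for illustration, and the sketch ignores sequence numbers.

```python
# Added illustration (not Suricata's implementation): per-packet matching
# versus matching gated on TCP flow state. All names here are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # "S", "SA", "A" or "PA"
    payload: bytes = b""

SIGNATURE = b"GET /admin.php"   # constructed content match

def stateless_alerts(pkts):
    """Alert on any packet whose payload matches, ignoring TCP state."""
    return [p.src for p in pkts if SIGNATURE in p.payload]

def stateful_alerts(pkts):
    """Alert only when the match arrives on a flow that finished its handshake."""
    state = {}      # (client, cport, server, sport) -> handshake stage
    alerts = []
    for p in pkts:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == "S":
            state[fwd] = "syn"
        elif p.flags == "SA" and state.get(rev) == "syn":
            state[rev] = "synack"
        elif p.flags == "A" and state.get(fwd) == "synack":
            state[fwd] = "established"
        # A spoofed sender never sees the SYN-ACK, so it cannot reach this state.
        if SIGNATURE in p.payload and state.get(fwd) == "established":
            alerts.append(p.src)
    return alerts

REQ = b"GET /admin.php HTTP/1.1\r\nHost: example.test\r\n\r\n"
# Constructed traffic: one real client completing the handshake ...
REAL = [
    Pkt("198.51.100.5", 40000, "192.0.2.10", 80, "S"),
    Pkt("192.0.2.10", 80, "198.51.100.5", 40000, "SA"),
    Pkt("198.51.100.5", 40000, "192.0.2.10", 80, "A"),
    Pkt("198.51.100.5", 40000, "192.0.2.10", 80, "PA", REQ),
]
# ... and one lone segment carrying a forged source address.
SPOOFED = [Pkt("203.0.113.7", 5555, "192.0.2.10", 80, "PA", REQ)]

if __name__ == "__main__":
    print("stateless:", stateless_alerts(REAL + SPOOFED))
    print("stateful: ", stateful_alerts(REAL + SPOOFED))
```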
