[Oisf-users] HTTP Stateful parsing

Cooper F. Nelson cnelson at ucsd.edu
Thu Oct 27 22:48:56 UTC 2016

HTTP is stateless at layer 7.

TCP is stateful at layer 5.  That's what suricata is tracking.

Stateful detection is very important, otherwise it would be easy for
attackers to create fake TCP alerts by spoofing source addresses.


On 10/27/2016 12:38 AM, Vishal Kotalwar wrote:
> Hi All,
>     HTTP is a stateless protocol, so I would like to know why does
> suricata have stateful parsing and how does it help suricata in better
> detection?
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://suricon.net

Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20161027/19a2c3ee/attachment-0002.sig>

More information about the Oisf-users mailing list