[Oisf-users] X-Real-IP and X-Real-Port headers from Akamai
Jack Mott
jmott at emergingthreats.net
Wed Jul 11 17:41:13 UTC 2018
Hi C. L.,
Do you have a PCAP or logs that you can share (offline is fine) to look at?
Best,
Jack
On Wed, Jul 11, 2018 at 9:04 AM, C. L. Martinez <carlopmart at gmail.com>
wrote:
> Please, any tip?
>
> On Mon, Jul 9, 2018 at 12:41 PM, C. L. Martinez <carlopmart at gmail.com>
> wrote:
>
>> Hi all,
>>
>> We have detected two Akamai headers that we can't use to trigger
>> alerts: X-Real-IP and X-Real-Port (we are using Suricata 4.1-beta1).
>>
>> X-Real-IP appears as a second or third field under XFF, but we can't
>> catch them to trigger alerts.
>>
>> Any idea how we can deal with this?
>>
>> Thanks.
>>
>
>