Feature #1125

closed

smtp: improve protocol detection

Added by Victor Julien over 10 years ago. Updated 4 months ago.

Status: Closed
Priority: Low
Target version:
Effort:
Difficulty:
Label:

Description

Currently SMTP is only detected if the client starts the conversation with HELO, EHLO or QUIT.

The server stream is not used for protocol detection.
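
The gap this ticket describes, as an added sketch that is not part of the original ticket and not Suricata code: a detector that only checks client keywords, next to a direction-aware one that also reads the server greeting. All function and enum names, the case-insensitive match, the "SMTP" banner heuristic and the sample payloads are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical names for this sketch; none of this is Suricata's API. */
enum dir { TO_SERVER, TO_CLIENT };
enum verdict { V_UNKNOWN, V_SMTP, V_AMBIGUOUS };

static int starts_with(const char *buf, const char *kw)
{
    return strncasecmp(buf, kw, strlen(kw)) == 0;
}

/* Behaviour the ticket describes: only the client's first bytes are checked. */
enum verdict detect_client_only(enum dir d, const char *buf)
{
    if (d != TO_SERVER)
        return V_UNKNOWN; /* server stream is ignored */
    if (starts_with(buf, "HELO") || starts_with(buf, "EHLO") || starts_with(buf, "QUIT"))
        return V_SMTP;
    return V_UNKNOWN;
}

/* Assumed extension: also look at the server greeting (to-client direction). */
enum verdict detect_both_directions(enum dir d, const char *buf)
{
    if (d == TO_SERVER)
        return detect_client_only(d, buf);
    if (!starts_with(buf, "220"))
        return V_UNKNOWN;
    /* FTP servers also greet with 220; the "SMTP" banner check is a heuristic. */
    return strstr(buf, "SMTP") ? V_SMTP : V_AMBIGUOUS;
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    static const struct { enum dir d; const char *buf; } s[] = {
        { TO_SERVER, "EHLO client.example.org\r\n" },
        { TO_SERVER, "MAIL FROM:<a@example.org>\r\n" }, /* no HELO/EHLO first */
        { TO_CLIENT, "220 mx.example.org ESMTP ready\r\n" },
        { TO_CLIENT, "220 ftp.example.org FTP server ready\r\n" },
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("sample %zu: client-only=%d both=%d\n", i,
               detect_client_only(s[i].d, s[i].buf),
               detect_both_directions(s[i].d, s[i].buf));
    return 0;
}
```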


Related issues 7 (3 open, 4 closed)

Related to Suricata - Bug #2978: IRC traffic parsed by FTP (In Progress, Philippe Antoine)
Related to Suricata - Task #2757: improve protocol detection (In Review, Philippe Antoine)
Related to Suricata - Bug #6283: FTP parsing yields in some cases smtp and http event types (Rejected, OISF Dev)
Related to Suricata - Feature #6366: pop3 protocol detection (Closed, Philippe Antoine)
Related to Suricata - Bug #6591: protodetect: ftp parsed as smtp (New, OISF Dev)
Blocked by Suricata - Feature #2572: extend protocol detection to specify flow direction (Closed, Victor Julien)
Blocked by Suricata - Bug #5769: Incomplete values for .stats."app_layer".flow.proto (Closed, Philippe Antoine)