Feature #2767
Interception of network stack attacks (open)
Description
Hello, Team!
Please add the ability to detect bytes in traffic that are not included under the transport or network layer.
For example, a broken UDP packet in which there is a payload for an RCE vulnerability. In this packet the sizes of UDP and IP (the «Total Length» field of IP and the «Length» field of UDP) were cut in a hex editor. Only 1 byte for the size of the data is specified in the UDP header (in the attached image it's Data 06). But the "evil" payload in the packet remained outside UDP |00 00 05 00 01 00 00|. It is not possible to detect this data with Suricata.
Best regards, Nikolay Lyamin
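
The length mismatch described in this request, as an added example that is not part of the original issue or of Suricata's code: it parses one Ethernet II/IPv4/UDP frame and reports the bytes that the IP «Total Length» and UDP «Length» fields do not cover. The addresses, ports, zero checksums and the 60-byte padding rule for short frames are assumptions of this example; the data byte and trailing bytes are the ones quoted above.

```python
import struct

ETH_HLEN = 14    # Ethernet II header without VLAN tag (assumption)
MIN_FRAME = 60   # minimum Ethernet frame size without FCS; shorter frames are zero-padded

def inspect_frame(frame: bytes) -> dict:
    """Compare the header-declared lengths with the bytes actually on the wire."""
    if len(frame) < ETH_HLEN + 28:
        raise ValueError("too short for Ethernet + IPv4 + UDP headers")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    ihl = (frame[ETH_HLEN] & 0x0F) * 4
    ip_total = struct.unpack_from("!H", frame, ETH_HLEN + 2)[0]
    if ethertype != 0x0800 or frame[ETH_HLEN] >> 4 != 4 or frame[ETH_HLEN + 9] != 17:
        raise ValueError("not an IPv4/UDP frame")
    ip_end = ETH_HLEN + ip_total
    if ihl < 20 or ip_total < ihl + 8 or ip_end > len(frame):
        raise ValueError("IP lengths inconsistent with the captured frame")
    udp_off = ETH_HLEN + ihl
    udp_len = struct.unpack_from("!H", frame, udp_off + 4)[0]
    udp_end = udp_off + udp_len
    if udp_len < 8 or udp_end > ip_end:
        raise ValueError("UDP Length inconsistent with IP Total Length")
    gap = frame[udp_end:ip_end]   # inside the IP datagram but after the UDP datagram
    trailer = frame[ip_end:]      # on the wire but outside the IP datagram
    # All-zero bytes that only fill a short frame up to 60 bytes are normal padding.
    benign_padding = len(frame) <= MIN_FRAME and not any(trailer)
    return {
        "udp_payload": frame[udp_off + 8:udp_end],
        "gap": gap,
        "trailer": trailer,
        "suspicious": bool(gap) or (bool(trailer) and not benign_padding),
    }

def build_sample() -> bytes:
    """Constructed frame: Total Length 29, UDP Length 9, seven bytes left outside both."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 29, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # checksum left 0
    udp = struct.pack("!HHHH", 40000, 40001, 9, 0)                  # constructed ports
    return eth + ip + udp + b"\x06" + bytes.fromhex("00000500010000")

if __name__ == "__main__":
    for key, value in inspect_frame(build_sample()).items():
        print(key, value.hex(" ") if isinstance(value, bytes) else value)
```
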