Project

General

Profile

Actions
Copy link

Feature #650

closed

add support for libhtp event request port doesn't match tcp port

Added by Victor Julien almost 12 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
1.4rc1
Effort:
Difficulty:
Label:

Description

libhtp detects if port specified in uri or host hdr doesn't match the actual tcp server port.

Actions
Copy link
 #1

Updated by Victor Julien almost 12 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Fixed by:

commit 9f519e95a275e478051c6f270caced2e93541acf
Author: Victor Julien <victor@inliniac.net>
Date:   Fri Nov 23 10:56:22 2012 +0100

    http: add event for libhtp detection of request port not matching tcp port.

Added:

# Warn when the port in the Host: header doesn't match the actual TCP Server port.
alert http any any -> any any (msg:"SURICATA HTTP request server port doesn't match TCP port"; flow:established,to_server; app-layer-event:http.request_server_port_tcp_port_mismatch; flowint:http.anomaly.count,+,1; classtype:protocol-
command-decode; sid:2221026; rev:1;)

Actions
Copy link

Also available in: Atom PDF