Feature #650
closed
add support for libhtp event request port doesn't match tcp port
Added by Victor Julien almost 12 years ago.
Updated almost 12 years ago.
Description
libhtp detects if port specified in uri or host hdr doesn't match the actual tcp server port.
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Fixed by:
commit 9f519e95a275e478051c6f270caced2e93541acf
Author: Victor Julien <victor@inliniac.net>
Date: Fri Nov 23 10:56:22 2012 +0100
http: add event for libhtp detection of request port not matching tcp port.
Added:
# Warn when the port in the Host: header doesn't match the actual TCP Server port.
alert http any any -> any any (msg:"SURICATA HTTP request server port doesn't match TCP port"; flow:established,to_server; app-layer-event:http.request_server_port_tcp_port_mismatch; flowint:http.anomaly.count,+,1; classtype:protocol-
command-decode; sid:2221026; rev:1;)
Also available in: Atom
PDF