Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixes for DCE_RPC analyzer

Browse source 
- DCE_RPC fragmentation handling returns!
  - Fixed some general parsing issues
  - Fixed an issue with the DCE_RPC signature not working for IPv6 connections.
This commit is contained in:
Seth Hall 2016-10-08 10:00:26 -04:00
parent 14c119c7f9
commit 029d92183e
7 changed files with 79 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/base/protocols/dce-rpc/dpd.sig
View file

@ -1,6 +1,5 @@
signature dpd_dce_rpc {
ip-proto == tcp
payload /^\x05[\x00\x01][\x00-\x13]\x03/
payload /\x05[\x00\x01][\x00-\x13]/
enable "DCE_RPC"
}
}

2
scripts/base/protocols/dce-rpc/main.bro
View file

@ -204,4 +204,4 @@ event connection_state_remove(c: connection)
Log::write(LOG, c$dce_rpc);
}
}
}
}