Improve Kerberos DPD and fix a few parse errors.

2025-10-17 14:08:20 +00:00 · 2015-01-23 17:22:10 -05:00 · 2015-01-23 17:22:10 -05:00 · 1f41c0470c
commit 1f41c0470c
parent b8376ca733
4 changed files with 88 additions and 61 deletions
--- a/scripts/base/protocols/krb/dpd.sig
+++ b/scripts/base/protocols/krb/dpd.sig
@ -1,7 +1,26 @@
-signature dpd_krb_udp {
+# This is the ASN.1 encoded version and message type headers
+
+signature dpd_krb_udp_requests {
 	ip-proto == udp
-	payload /\x6c...\x30...\xa1\x03\x02\x05/
+	payload /(\x6a|\x6c).{1,4}\x30.{1,4}\xa1\x03\x02\x01\x05\xa2\x03\x02\x01/
 	enable "krb"
 }

+signature dpd_krb_udp_replies {
+	ip-proto == udp
+	payload /(\x6b|\x6d|\x7e).{1,4}\x30.{1,4}\xa0\x03\x02\x01\x05\xa1\x03\x02\x01/
+	enable "krb"
+}
+
+signature dpd_krb_tcp_requests {
+	ip-proto == tcp
+	payload /.{4}(\x6a|\x6c).{1,4}\x30.{1,4}\xa1\x03\x02\x01\x05\xa2\x03\x02\x01/
+	enable "krb_tcp"
+}
+
+signature dpd_krb_tcp_replies {
+	ip-proto == tcp
+	payload /.{4}(\x6b|\x6d|\x7e).{1,4}\x30.{1,4}\xa0\x03\x02\x01\x05\xa1\x03\x02\x01/
+	enable "krb_tcp"
+}