Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Make DCE_RPC skip input in strange fragment circumstances.

Browse source 
If there are too many concurrent fragments or too much
data fragmented, skip further input on DCE_RPC.
This commit is contained in:
Seth Hall 2016-10-24 13:50:13 -04:00
parent c88719472b
commit 36ae5e6662
2 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
scripts/base/protocols/dce-rpc/consts.bro
View file

@ -4,12 +4,12 @@ module DCE_RPC;
export {
## The maximum number of simultaneous fragmented commands that
## the analyzer will tolerate before the analyzer will generate
## a weird and remove itself from the connection.
## a weird and skip further input.
const max_cmd_reassembly = 20 &redef;
## The maximum number of fragmented bytes that will be tolerated
## on a command before the analyzer will generate a weird and
## remove itself from the connection.
## skip further input.
const max_frag_data = 30000 &redef;
const uuid_endpoint_map: table[string] of string = {