Merge remote-tracking branch 'origin/master' into topic/seth/faf-updates

Conflicts: magic
2025-10-08 17:48:21 +00:00 · 2013-07-16 12:09:53 -04:00 · 2013-07-16 12:09:53 -04:00 · 7838113dc2
commit 7838113dc2
parent eb7ceb3e9a 18201afcf8
13 changed files with 2910 additions and 451 deletions
--- a/scripts/base/protocols/pop3/load.bro
+++ b/scripts/base/protocols/pop3/load.bro
@ -0,0 +1,2 @@
+
+@load-sigs ./dpd.sig
--- a/scripts/base/protocols/pop3/dpd.sig
+++ b/scripts/base/protocols/pop3/dpd.sig
@ -0,0 +1,13 @@
+signature dpd_pop3_server {
+  ip-proto == tcp
+  payload /^\+OK/
+  requires-reverse-signature dpd_pop3_client
+  enable "pop3"
+  tcp-state responder
+}
+
+signature dpd_pop3_client {
+  ip-proto == tcp
+  payload /(|.*[\r\n])[[:space:]]*([uU][sS][eE][rR][[:space:]]|[aA][pP][oO][pP][[:space:]]|[cC][aA][pP][aA]|[aA][uU][tT][hH])/
+  tcp-state originator
+}