Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 13:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add Teredo tunnel decapsulation.

Browse source 
Also fix header truncation check for IPv6 No Next header and add an
"ipv6_no_next" weird for such packets that aren't tunneled over Teredo
(which it calls "bubbles" and are used to create mappings in NATs).
This commit is contained in:
Jon Siwek 2012-05-25 12:37:35 -05:00
parent 0d7d74e11b
commit 8cd36f158b
14 changed files with 236 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/base/frameworks/dpd/dpd.sig
View file

@ -156,6 +156,12 @@ signature dpd_ayiya {
enable "ayiya"
}
signature dpd_teredo {
ip-proto = udp
payload /^(\x00\x00)|(\x00\x01)|([\x60-\x6f])/
enable "teredo"
}
signature dpd_socks_client {
ip-proto == tcp
# '32' is a rather arbitrary max length for the user name.