Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Make Teredo DPD signature more precise.

Browse source 
Contributed by Martina Balint in https://github.com/bro/bro/pull/39.

(I didn't merge the github branch, as that has some more stuff in its
history. Instead I applied the single-line change directly.)
This commit is contained in:
Robin Sommer 2015-08-12 17:02:24 -07:00
parent 7d71f0047f
commit a9867c706d
3 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,4 +1,8 @@
2.4-86 | 2015-08-12 17:02:24 -0700
* Make Teredo DPD signature more precise. (Martina Balint.)
2.4-84 | 2015-08-10 14:44:39 -0700 2.4-84 | 2015-08-10 14:44:39 -0700
* Add hook 'HookSetupAnalyzerTree' to allow plugins access to a * Add hook 'HookSetupAnalyzerTree' to allow plugins access to a

2
VERSION
View file

@ -1 +1 @@
2.4-84 2.4-86

2
scripts/base/protocols/tunnels/dpd.sig
View file

@ -9,6 +9,6 @@ signature dpd_ayiya {
signature dpd_teredo { signature dpd_teredo {
ip-proto = udp ip-proto = udp
payload /^(\x00\x00)|(\x00\x01)|([\x60-\x6f])/ payload /^(\x00\x00)|(\x00\x01)|([\x60-\x6f].{7}((\x20\x01\x00\x00)).{28})|([\x60-\x6f].{23}((\x20\x01\x00\x00))).{12}/
enable "teredo" enable "teredo"
} }