Add a signature for SMB

2025-10-02 14:48:21 +00:00 · 2016-03-07 16:03:31 -05:00 · 2016-03-07 16:03:31 -05:00 · c63ad1cdcf
commit c63ad1cdcf
parent 6e842cf4da
2 changed files with 8 additions and 1 deletions
--- a/scripts/base/protocols/smb/load.bro
+++ b/scripts/base/protocols/smb/load.bro
@ -5,4 +5,6 @@
@load ./pipe
@load ./smb1-main
@load ./smb2-main
-@load ./files
+@load ./files
+
+@load-sigs ./dpd.sig
--- a/scripts/base/protocols/smb/dpd.sig
+++ b/scripts/base/protocols/smb/dpd.sig
@ -0,0 +1,5 @@
+signature dpd_smb {
+	ip-proto == tcp
+	payload /^....[\xfe\xff]SMB/
+	enable "smb"
+}