zeek/scripts/base/protocols/dce-rpc
Seth Hall 003b32f904 Fixes to DCE_RPC analysis
 - Previously there was an (incorrect) assumption that a TCP connection
   would only ever have one DCE_RPC binding.  That assumption was
   incorrect and with named pipes over SMB there can be multiple
   concurrent DCE_RPC bindings.  This commit fixes that assumption by
   dynamically creating a new DCE_RPC analyzer whenever a new, unknown
   binding is created.
 - There is a crash fix in how string handling in the bind_ack message
   was done.
 - Named pipe handling over SMB1 is still not working quite right
   and problems will show up with multiplexed DCE_RPC bindings.
2016-04-06 12:37:09 -04:00
__load__.bro Move some of the last DCE_RPC scripts out of SMB scripts. 2016-04-03 15:48:47 -04:00
consts.bro Clean up and moving a few SMB2 commands out into their own files. 2016-04-01 22:45:07 -04:00
dpd.sig Lots of cleanup and improvement to DCE/RPC analyzer. 2016-04-01 09:38:52 -04:00
endpoint-atsvc.bro Move some of the last DCE_RPC scripts out of SMB scripts. 2016-04-03 15:48:47 -04:00
main.bro Fixes to DCE_RPC analysis 2016-04-06 12:37:09 -04:00