zeek/scripts/base/protocols/dce-rpc/dpd.sig at 520ac8d92c6f08f225f3e597eabf1ec5597fc7dc - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00

Seth Hall 520ac8d92c Merge remote-tracking branch 'origin/master' into topic/seth/smb

# Conflicts:
#	scripts/base/protocols/dce-rpc/main.bro
#	scripts/base/protocols/ntlm/main.bro
#	scripts/policy/protocols/smb/smb1-main.bro
#	src/analyzer/protocol/smb/smb-common.pac
#	src/analyzer/protocol/smb/smb-strings.pac
#	src/analyzer/protocol/smb/smb1-com-locking-andx.pac
#	src/analyzer/protocol/smb/smb1-com-logoff-andx.pac
#	src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac
#	src/analyzer/protocol/smb/smb1-com-open-andx.pac
#	src/analyzer/protocol/smb/smb1-com-read-andx.pac
#	src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac
#	src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac
#	src/analyzer/protocol/smb/smb1-com-transaction.pac
#	src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac
#	src/analyzer/protocol/smb/smb1-com-write-andx.pac
#	src/analyzer/protocol/smb/smb1-protocol.pac

2016-08-08 15:46:49 -04:00

6 lines

No EOL

103 B

Standard ML

Raw Blame History

 signature dpd_dce_rpc {
 	ip-proto == tcp
 	payload /^\x05[\x00\x01][\x00-\x13]\x03/
 	enable "DCE_RPC"
 }