Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base/protocols/dce-rpc
History
Arne Welzel 6517ed94f2 smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them 
This patch does two things:

1) For SMB close requests, tear down any associated DCE-RPC
   analyzer if one exists.

2) Protect from fid_to_analyzer_map growing unbounded by introducing a
   new SMB::max_dce_rpc_analyzers limit and forcefully wipe the
   analyzers if exceeded. Propagate this to script land as event
   smb_discarded_dce_rpc_analyzers() for additional cleanup.

This is mostly to fix how the binpac SMB analyzer tracks individual
DCE-RPC analyzers per open fid. Connections that re-open the same or
different pipe may currently allocate unbounded number of analyzers.

Closes #3145.
2023-06-30 15:14:32 +02:00
..
__load__.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
consts.zeek Update dce-rpc constants 2023-06-15 15:08:56 -07:00
dpd.sig Fixes for DCE_RPC analyzer 2016-10-08 10:00:26 -04:00
main.zeek smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them 2023-06-30 15:14:32 +02:00
README Added missing README files for documentation 2016-10-10 22:55:50 -05:00

README 

Support for DCE/RPC (Distributed Computing Environment/Remote Procedure
Calls) protocol analysis.