zeek/scripts/base/protocols/dce-rpc/dpd.sig at 68d0f697eb79d8408d0a9616ecbce1d74c6672b3 - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

Seth Hall 5721db4be7 Lots of cleanup and improvement to DCE/RPC analyzer.

- It works with DCE/RPC over SMB1+2 now.
   - Using named pipes in 1+2 and the transaction cmd in SMB1.
 - Base scripts based on work by Josh Liburdi.
 - New dce_rpc.log.  Feedback on how to make this log more compact
   and useful would be appreciated.

2016-04-01 09:38:52 -04:00

6 lines

No EOL

103 B

Standard ML

Raw Blame History

 signature dpd_dce_rpc {
 	ip-proto == tcp
 	payload /^\x05[\x00\x01][\x00-\x13]\x03/
 	enable "DCE_RPC"
 }