zeek/scripts/base/protocols/tunnels/dpd.sig at 69a7dd03bc2e2add8f56bb682457e11d39fad65b - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

Seth Hall 39444b5af7 Moved DPD signatures into script specific directories.

- This caused us to lose signatures for POP3 and Bittorrent.  These will
   need discovered in the repository again when we add scripts
   for those analyzers.

2013-07-09 22:44:55 -04:00

14 lines

288 B

Standard ML

Raw Blame History

 # Provide DPD signatures for tunneling protocols that otherwise
 # wouldn't be detected at all.
 signature dpd_ayiya {
   ip-proto = udp
   payload /^..\x11\x29/
   enable "ayiya"
 }
 signature dpd_teredo {
   ip-proto = udp
   payload /^(\x00\x00)|(\x00\x01)|([\x60-\x6f])/
   enable "teredo"
 }