zeek/scripts/base/protocols/http/dpd.sig at a09d8e94e0a643cc61c8c4cf5ff95771531f1dcb - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

Seth Hall 39444b5af7 Moved DPD signatures into script specific directories.

- This caused us to lose signatures for POP3 and Bittorrent.  These will
   need discovered in the repository again when we add scripts
   for those analyzers.

2013-07-09 22:44:55 -04:00

13 lines

281 B

Standard ML

Raw Blame History

 signature dpd_http_client {
   ip-proto == tcp
   payload /^[[:space:]]*(GET|HEAD|POST)[[:space:]]*/
   tcp-state originator
 }
 signature dpd_http_server {
   ip-proto == tcp
   payload /^HTTP\/[0-9]/
   tcp-state responder
   requires-reverse-signature dpd_http_client
   enable "http"
 }