zeek/scripts/base/protocols/dnp3/dpd.sig at b83d4a9c849378c30a16f8b775d961616ad8dff2 - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00

Jon Siwek b83d4a9c84 Fix some things in DNP3 UDP analyzer.

- DeliverPacket override had a wrong parameter.
- Change the DNP3 plugin to provide both UDP and TCP analyzer versions.
- Add a DPD signature.

2014-08-06 15:41:53 -05:00

15 lines

243 B

Standard ML

Raw Blame History

 # DNP3 packets always starts with 0x05 0x64 .
 signature dpd_dnp3_server {
 	ip-proto == tcp
 	payload /\x05\x64/
 	tcp-state responder
  	enable "dnp3"
 }
 signature dpd_dnp3_server_udp {
 	ip-proto == udp
 	payload /\x05\x64/
 	enable "dnp3_udp"
 }