Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base/protocols/rdp/dpd.sig
Anthony Kasza 60644bc85f Add RDP over UDP analyzer
2020-04-02 17:53:47 -07:00

21 lines
411 B
Standard ML
Raw Blame History

signature dpd_rdp_client {
ip-proto == tcp
# Client request
payload /.*(Cookie: mstshash\=|Duca.*(rdpdr|rdpsnd|drdynvc|cliprdr))/
requires-reverse-signature dpd_rdp_server
enable "rdp"
}
signature dpd_rdp_server {
ip-proto == tcp
payload /(.{5}\xd0|.*McDn)/
}
signature dpd_rdpeudp_syn {
ip-proto == udp
payload-size <= 1232
payload-size >= 1132
payload /^\xff{4}.{2}.{1}\x01/
enable "rdpeudp"
}
Reference in a new issue View git blame Copy permalink