zeek/scripts/policy/protocols/smb/dpd.sig at dc74fab2d58beaf1e401274043f9320eb9fb65ce - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

Seth Hall 134d0922d5 Move the SMB analyzer out of the default load.

This also adds a note in the local.bro script about enabling
the SMB analyzer.

2016-06-14 15:34:00 -04:00

5 lines

No EOL

82 B

Standard ML

Raw Blame History

 signature dpd_smb {
 	ip-proto == tcp
 	payload /^....[\xfe\xff]SMB/
 	enable "smb"
 }