Actions
Bug #4767
closed
EP
EP
Rule error in SMB dce_iface and dce_opnum keywords
Bug #4767:
Rule error in SMB dce_iface and dce_opnum keywords
Affected Versions:
Effort:
Difficulty:
Label:
Description
The SMB dce_iface and dce_opnum keywords don't match.
Following rule and the associated pcap can be used to test this behavior:
alert smb any any -> any any (\
msg: "SMB-DCE EnumPrinterDrivers";\
dce_iface: 12345678-1234-abcd-ef00-0123456789ab;\
dce_opnum: 10;\
sid: 1;\
)
Files
VJ Updated by Victor Julien over 4 years ago
- Related to Bug #4769: dcerpc dce_iface just match a packet added
VJ Updated by Victor Julien over 4 years ago
- Related to Bug #3109: dcerpc engine not generating alerts added
SB Updated by Shivani Bhardwaj over 4 years ago
- Status changed from New to Assigned
- Target version set to 7.0.0-beta1
- Label Needs backport to 5.0, Needs backport to 6.0 added
SB Updated by Shivani Bhardwaj over 4 years ago
- Copied to Bug #4925: Rule error in SMB dce_iface and dce_opnum keywords (6.0.x backport) added
SB Updated by Shivani Bhardwaj over 4 years ago
- Copied to Bug #4926: Rule error in SMB dce_iface and dce_opnum keywords (5.0.x backport) added
SB Updated by Shivani Bhardwaj about 4 years ago
- Status changed from Assigned to Closed
Closed by PR: https://github.com/OISF/suricata/pull/6860
VJ Updated by Victor Julien almost 4 years ago
- Label deleted (
Needs backport to 5.0, Needs backport to 6.0)
Actions