Actions
Bug #4769
closed
EP
EP
dcerpc dce_iface just match a packet
Bug #4769:
dcerpc dce_iface just match a packet
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 5.0, Needs backport to 6.0
Description
The dce_iface dcerpc keyword just match the packet following the bind.
alert dcerpc any any -> any any (\
msg: "DCE Netlogon";\
flow: to_server;\
dce_iface: 12345678-1234-abcd-ef00-01234567cffb;\
sid: 1;\
)
Files
VJ Updated by Victor Julien over 4 years ago
- Related to Bug #3109: dcerpc engine not generating alerts added
VJ Updated by Victor Julien over 4 years ago
- Related to Bug #4767: Rule error in SMB dce_iface and dce_opnum keywords added
SB Updated by Shivani Bhardwaj over 4 years ago
- Status changed from New to Assigned
- Target version set to 7.0.0-beta1
- Label Needs backport to 5.0, Needs backport to 6.0 added
SB Updated by Shivani Bhardwaj over 4 years ago
- Copied to Bug #4927: dcerpc dce_iface just match a packet added
SB Updated by Shivani Bhardwaj over 4 years ago
- Copied to Bug #4928: dcerpc dce_iface just match a packet (5.0.x backport) added
SB Updated by Shivani Bhardwaj about 4 years ago
- Status changed from Assigned to Closed
Closed by PR: https://github.com/OISF/suricata/pull/6860
Actions