Bug #4927: dcerpc dce_iface just match a packet - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4927

closed

dcerpc dce_iface just match a packet

Added by Shivani Bhardwaj almost 3 years ago. Updated almost 3 years ago.

Status:

Closed

Priority:

High

Assignee:

Eloy Pérez

Target version:

6.0.5

Affected Versions:

6.0.4

Effort:

Difficulty:

Label:

Description

The dce_iface dcerpc keyword just match the packet following the bind.

alert dcerpc any any -> any any (\
      msg: "DCE Netlogon";\
      flow: to_server;\
      dce_iface: 12345678-1234-abcd-ef00-01234567cffb;\
      sid: 1;\
      )

Files

test-dce-iface.pcapng (3.34 KB) test-dce-iface.pcapng

Pcap with many dcerpc requests

Eloy Pérez, 10/20/2021 11:12 AM

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #4927

dcerpc dce_iface just match a packet

Updated by Shivani Bhardwaj almost 3 years ago

Updated by Shivani Bhardwaj almost 3 years ago

Updated by Eloy Pérez almost 3 years ago

Updated by Shivani Bhardwaj almost 3 years ago

Updated by Shivani Bhardwaj almost 3 years ago