Project

General

Profile

Actions
Copy link

Bug #4928

closed

dcerpc dce_iface just match a packet (5.0.x backport)

Added by Shivani Bhardwaj almost 3 years ago. Updated over 2 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
5.0.8
Effort:
Difficulty:
Label:

Description

The dce_iface dcerpc keyword just match the packet following the bind.

alert dcerpc any any -> any any (\
      msg: "DCE Netlogon";\
      flow: to_server;\
      dce_iface: 12345678-1234-abcd-ef00-01234567cffb;\
      sid: 1;\
      )

Files

test-dce-iface.pcapng (3.34 KB) test-dce-iface.pcapng Pcap with many dcerpc requests Eloy Pérez, 10/20/2021 11:12 AM

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #4769: dcerpc dce_iface just match a packetClosedEloy PérezActions
Actions
Copy link
 #1

Updated by Shivani Bhardwaj almost 3 years ago

  • Copied from Bug #4769: dcerpc dce_iface just match a packet added
Actions
Copy link
 #2

Updated by Eloy Pérez almost 3 years ago

  • Assignee changed from Shivani Bhardwaj to Eloy Pérez
Actions
Copy link
 #3

Updated by Victor Julien over 2 years ago

  • Target version changed from 5.0.9 to 5.0.10
Actions
Copy link
 #4

Updated by Victor Julien over 2 years ago

  • Subject changed from dcerpc dce_iface just match a packet to dcerpc dce_iface just match a packet (5.0.x backport)
  • Status changed from Assigned to Rejected
  • Assignee deleted (Eloy Pérez)
  • Priority changed from High to Normal
  • Target version deleted (5.0.10)

Closing as this is too intrusive for 5.0.x which is EOL soon.

Actions
Copy link

Also available in: Atom PDF