Kirby Kuehl

Activity

06/06/2011

09:38 AM Suricata Feature #289 (Closed): Improve DCERPC Big Endian support.
See http://www.antievasion.com/principles/principles/part-3
Specifically the msrpc_big_endian.pcap
Also made the ...

07/25/2010

05:55 PM Suricata Revision e8ecc94d: fix multiple dcerpc fragments in one packet
04:36 PM Suricata Bug #206: Missed detection when dealing with fragmented RPC traffic (ms03-026)
The alert:
sid:3409 in VRT rules
The UUID suricata decodes:...
04:12 PM Suricata Bug #206: Missed detection when dealing with fragmented RPC traffic (ms03-026)
This patch fixes handling multiple DCERPC fragments within a single packet.
When dumping the UUID and the fully asse...

07/15/2010

11:10 AM Suricata Revision 18840bd9: properly handle bytecount of 0

07/09/2010

06:34 PM Suricata Bug #200: smb/dcerpc attack traffic not parsed properly
The patch correctly addresses the problem where the smb parser was not correctly invoking the DCERPC parser, so I bel...
12:06 PM Suricata Bug #206: Missed detection when dealing with fragmented RPC traffic (ms03-026)
Will, can you try this again with the patch contained in Bug ID #200.
12:03 PM Suricata Bug #200: smb/dcerpc attack traffic not parsed properly
Properly handle ByteCount of 0.

06/22/2010

02:18 AM Suricata Revision 83c2cdab: remove printf
02:18 AM Suricata Revision f49c743d: dont alloc 0 length fragment
