Kirby Kuehl

Activity

06/06/2011

09:38 AM Suricata Feature #289 (Closed): Improve DCERPC Big Endian support.
See http://www.antievasion.com/principles/principles/part-3
Specifically the msrpc_big_endian.pcap
Also made the ...
Kirby Kuehl

07/25/2010

04:36 PM Suricata Bug #206: Missed detection when dealing with fragmented RPC traffic (ms03-026)
The alert:
sid:3409 in VRT rules
The UUID suricata decodes:...
Kirby Kuehl
04:12 PM Suricata Bug #206: Missed detection when dealing with fragmented RPC traffic (ms03-026)
This patch fixes handling multiple DCERPC fragments within a single packet.
When dumping the UUID and the fully asse...
Kirby Kuehl

07/09/2010

06:34 PM Suricata Bug #200: smb/dcerpc attack traffic not parsed properly
The patch correctly addresses the problem where the smb parser was not correctly invoking the DCERPC parser, so I bel...
Kirby Kuehl
12:03 PM Suricata Bug #200: smb/dcerpc attack traffic not parsed properly
Properly handle ByteCount of 0.
Kirby Kuehl
12:06 PM Suricata Bug #206: Missed detection when dealing with fragmented RPC traffic (ms03-026)
Will, can you try this again with the patch contained in Bug ID #200.
Kirby Kuehl

06/19/2010

05:49 PM Suricata Bug #94: dcerpc over udp
Please ignore the two patches dated 02/16/2010 and apply the latest three.
Kirby Kuehl
03:54 PM Suricata Bug #168: memory leak in DCERPC handling
Nevermind, found the leak just by looking. Patch coming soon.
Kirby Kuehl
03:46 PM Suricata Bug #168: memory leak in DCERPC handling
Do you have a packet capture that generates this leak, or how was it produced? Starting to investigate with valgrind.
Kirby Kuehl

05/07/2010

10:42 AM Suricata Bug #150: Supress AppLayerParse() errors emitted by SMB and DCERPC by returning 0 instead of -1 on nonfatal errors.
Yes, your fix looks correct. I do not know why the
if ((p - input < 0))
check was there in the first place. Consi...
Kirby Kuehl