- Login: kkuehl
- Email: email@example.com
- Registered on: 11/09/2009
- Last connection: 06/06/2011
- 09:38 AM Suricata Feature #289 (Closed): Improve DCERPC Big Endian support.
- See http://www.antievasion.com/principles/principles/part-3
Specifically the msrpc_big_endian.pcap
Also made the ...
- 04:36 PM Suricata Bug #206: Missed detection when dealing with fragmented RPC traffic (ms03-026)
- The alert:
sid:3409 in VRT rules
The UUID suricata decodes:...
- 04:12 PM Suricata Bug #206: Missed detection when dealing with fragmented RPC traffic (ms03-026)
- This patch fixes handling multiple DCERPC fragments within a single packet.
When dumping the UUID and the fully asse...
- 06:34 PM Suricata Bug #200: smb/dcerpc attack traffic not parsed properly
- The patch correctly addresses the problem where the smb parser was not correctly invoking the DCERPC parser, so I bel...
- 12:03 PM Suricata Bug #200: smb/dcerpc attack traffic not parsed properly
- Properly handle ByteCount of 0.
- 12:06 PM Suricata Bug #206: Missed detection when dealing with fragmented RPC traffic (ms03-026)
- Will, can you try this again with the patch contained in Bug ID #200?
- 05:49 PM Suricata Bug #94: dcerpc over udp
- Please ignore those two patches dated 02/16/2010 and apply the latest three.
- 03:54 PM Suricata Bug #168: memory leak in DCERPC handling
- Never mind, found the leak just by looking. Patch coming soon.
- 03:46 PM Suricata Bug #168: memory leak in DCERPC handling
- Do you have a packet capture that generates this leak, or how was it produced? Starting to investigate with valgrind.
- 10:42 AM Suricata Bug #150: Suppress AppLayerParse() errors emitted by SMB and DCERPC by returning 0 instead of -1 on nonfatal errors.
- Yes, your fix looks correct. I do not know why the
if ((p - input < 0))
check was there in the first place. Consi...