[Bro-Dev] Bro DCE-RPC Fix for AlterContext and AlterContextResponse Parsers

Fernandez, Mark I mfernandez at mitre.org
Thu Feb 8 04:16:02 PST 2018

Hi Seth,

Yes, I have a pcap containing the ALTER_CONTEXT req/resp packets.  I will start working on the bug fix and submit to BIT, with pcap and test script, hopefully soon.


-----Original Message-----
From: Seth Hall [mailto:seth at corelight.com] 
Sent: Saturday, February 3, 2018 10:46 PM
To: Fernandez, Mark I <mfernandez at mitre.org>
Cc: bro-dev at bro.org
Subject: Re: [Bro-Dev] Bro DCE-RPC Fix for AlterContext and AlterContextResponse Parsers

On 2 Feb 2018, at 9:54, Fernandez, Mark I wrote:

> 5. Bro Issue Tracker
> I plan to submit this to Bro Issue Tracker.  Just wanted to give you a 
> heads up here.

Thanks Mark!  Those were probably my comments.  Unfortunately there were 
a number of areas where I just ran out of steam doing investigations 
into why things were happening the way they were so this investigation 
is deeply appreciated.

Do you have PCAPs with ALTER_CONTEXT messages in them?  Because this is 
a difficult-to-understand change without seeing actual traffic it would be 
best if you were able to submit the changes along with tests.


Seth Hall * Corelight, Inc * www.corelight.com
