Snort mailing list archives
Re: rpc_decode/dcerpc2
From: Jason Wallace <jason.r.wallace () gmail com>
Date: Fri, 20 Mar 2009 10:47:37 -0400
That clears up my confusion. Saw "rpc_decode" and then "The dcerpc preprocessor detects and decodes SMB and DCE/RPC traffic" from the snort.conf comments. thx, Wally On Fri, Mar 20, 2009 at 10:18 AM, Martin Roesch <roesch () sourcefire com> wrote:
They're supposed to be used together, dcerpc is the RPC protocol that Microsoft uses and rpc_decode is used for the Sun RPC protocol. Marty On Fri, Mar 20, 2009 at 9:35 AM, Jason Wallace <jason.r.wallace () gmail com> wrote:Is dcerpc2 a replacement for rpc_decode, or are they suppose to be used together? thx, Wally ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Security for the Real World - http://www.sourcefire.com Snort: Open Source IDP - http://www.snort.org
------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- rpc_decode/dcerpc2 Jason Wallace (Mar 20)
- Re: rpc_decode/dcerpc2 Joel Esler (Mar 20)
- Re: rpc_decode/dcerpc2 Martin Roesch (Mar 20)
- Re: rpc_decode/dcerpc2 Jason Wallace (Mar 20)