Traffic-Associated DCE/RPC Rules
Most DCE/RPC preprocessor rules trigger against anomalies and evasion techniques detected in SMB, connection-oriented DCE/RPC, or connectionless DCE/RPC traffic. The following table identifies the rules that you can enable for each type of traffic.
|
Traffic |
Preprocessor Rule GID:SID |
|---|---|
|
SMB |
133:2 through 133:26, and 133:48 through 133:59 |
|
Connection-Oriented DCE/RPC |
133:27 through 133:39 |
|
Detect Connectionless DCE/RPC |
133:40 through 133:43 |