Iteolih: SMB/RPC efforts

11 Jul 2009 Mark Schloesser iteolih-samba-dcerpc-python

During the last few weeks I have been working on SMB and specifically DCERPC support for the Dionaea next generation low-interaction honeypot (buzz!).

SMB/CIFS is a huge protocol with several protocol versions and a lot of message types. The CIFS technical reference and the Implementing CIFS book have been constant companions for me since the beginning of the project.

What we basically want to achieve is a stable base for registering certain known-to-be-vulnerable RPC calls in modules, so that exploits can be detected and the malware they drop can be collected. This way one can easily write a new module when a new patch or exploit gets released for yet another vulnerability, without going through the hassle of implementing all SMB message types in each module. In the past we had to implement each one manually in a C++ module for the nepenthes honeypot.
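To illustrate the module-registration idea, here is a small Python sketch written for this post (it is not Dionaea's code): a shared parser handles the DCERPC request header once, and modules only register the interface UUID and opnum they care about. The interface UUID and the presentation-context table are constructed placeholders; a real module would be keyed on the actual interface of the vulnerable call.

```python
import struct
import uuid

# Module registry: (interface UUID, opnum) -> handler. Modules register the
# RPC calls they want to watch; the shared dispatcher does the protocol work.
HANDLERS = {}

def vulnerable_call(iface, opnum):
    """Decorator a module uses to claim one operation of one RPC interface."""
    def register(fn):
        HANDLERS[(uuid.UUID(iface), opnum)] = fn
        return fn
    return register

# Constructed placeholder UUID for the demo; not a real RPC interface.
DEMO_IFACE = "0a0b0c0d-0000-4000-8000-0123456789ab"
# Constructed context table (ctx_id -> interface) as a bind PDU would establish it.
BOUND = {0: uuid.UUID(DEMO_IFACE)}

@vulnerable_call(DEMO_IFACE, 0x1f)
def demo_module(call_id, stub):
    # A real module would decode the stub here and extract the payload/URL.
    return {"module": "demo", "call_id": call_id, "stub_len": len(stub)}

def build_request(ctx_id, opnum, stub, call_id=1):
    """Constructed little-endian DCERPC v5 request PDU, for testing only."""
    body = struct.pack("<IHH", len(stub), ctx_id, opnum) + stub  # alloc_hint, ctx, opnum
    hdr = struct.pack("<BBBB4sHHI", 5, 0, 0, 0x03, b"\x10\x00\x00\x00",
                      16 + len(body), 0, call_id)  # vers, minor, PTYPE=request, flags, drep
    return hdr + body

def dispatch(pdu, bound):
    """Parse one DCERPC request PDU and route it to a registered handler."""
    if len(pdu) < 24:
        raise ValueError("PDU shorter than DCERPC request header")
    ver, ptype, flags = pdu[0], pdu[2], pdu[3]
    end = "<" if pdu[4] & 0x10 else ">"             # packed_drep integer byte order
    frag_len, auth_len, call_id = struct.unpack(end + "HHI", pdu[8:16])
    if ver != 5 or ptype != 0:                      # PTYPE 0 = request
        return {"matched": False, "reason": "not a v5 request"}
    if frag_len > len(pdu):
        raise ValueError("frag_length exceeds received data")
    _alloc_hint, ctx_id, opnum = struct.unpack(end + "IHH", pdu[16:24])
    stub_start = 24 + (16 if flags & 0x80 else 0)   # PFC_OBJECT_UUID adds an object id
    stub_end = frag_len - (auth_len + 8 if auth_len else 0)  # strip auth verifier trailer
    stub = pdu[stub_start:stub_end]
    handler = HANDLERS.get((bound.get(ctx_id), opnum))
    if handler is None:
        return {"matched": False, "opnum": opnum, "call_id": call_id}
    result = handler(call_id, stub)
    result["matched"] = True
    return result
```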