From: Shivani Bhardwaj
Date: Sat, 13 Feb 2021 11:22:08 +0000 (+0530)
Subject: dcerpc/udp: remove test as pcap is not good
X-Git-Tag: suricata-6.0.4~148
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9cb37e0a920e6c64c52bfceb209058667d44491f;p=thirdparty%2Fsuricata-verify.git

dcerpc/udp: remove test as pcap is not good

The pcap contains a lot of suspicious data that does not look like DCERPC/UDP e.g. body in auth verifier. It is not properly handled by applayer UDP parser with the probe function as there are UDP packets preceding DCERPC/UDP causing failures.
---
diff --git a/tests/dcerpc/dcerpc-udp/input.pcap b/tests/dcerpc/dcerpc-udp/input.pcap
deleted file mode 100644
index f2f6e0ade..000000000
Binary files a/tests/dcerpc/dcerpc-udp/input.pcap and /dev/null differ
diff --git a/tests/dcerpc/dcerpc-udp/test.yaml b/tests/dcerpc/dcerpc-udp/test.yaml
deleted file mode 100644
index 2bfae8a2e..000000000
--- a/tests/dcerpc/dcerpc-udp/test.yaml
+++ /dev/null
@@ -1,238 +0,0 @@
-requires:
- min-version: 6.0
-
-args:
-- -k none
-
-checks:
-- filter:
- count: 8
- match:
- dcerpc.request: REQUEST
- dcerpc.response: UNREPLIED
- dcerpc.activityuuid: "00000000-0000-0000-0000-000000000000"
- dcerpc.seqnum: 0
- dcerpc.rpc_version: "4.0"
- event_type: dcerpc
- proto: UDP
-- filter:
- count: 1
- match:
- dest_ip: 141.81.0.10
- dest_port: 139
- event_type: smb
- pcap_cnt: 3704
- proto: TCP
- smb.client_dialects[0]: PC NETWORK PROGRAM 1.0
- smb.client_dialects[1]: LANMAN1.0
- smb.client_dialects[2]: Windows for Workgroups 3.1a
- smb.client_dialects[3]: LM1.2X002
- smb.client_dialects[4]: LANMAN2.1
- smb.client_dialects[5]: NT LM 0.12
- smb.command: SMB1_COMMAND_NEGOTIATE_PROTOCOL
- smb.dialect: NT LM 0.12
- smb.id: 1
- smb.server_guid: d523159e-e4af-4a9e-7b9b-4e318c6f6f36
- smb.session_id: 0
- smb.status: STATUS_SUCCESS
- smb.status_code: '0x0'
- smb.tree_id: 0
- src_ip: 141.81.0.182
- src_port: 4548
-- filter:
- count: 1
- match:
- dest_ip: 141.81.0.10
- dest_port: 139
- event_type: smb
- pcap_cnt: 3709
- proto: TCP
- smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
- smb.dialect: NT LM 0.12
- smb.id: 2
- smb.request.native_lm: Windows 2002 5.1
- smb.request.native_os: Windows 2002 Service Pack 3 2600
- smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
- smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
- smb.session_id: 57346
- smb.status: STATUS_MORE_PROCESSING_REQUIRED
- smb.status_code: '0xc0000016'
- smb.tree_id: 0
- src_ip: 141.81.0.182
- src_port: 4548
-- filter:
- count: 1
- match:
- dest_ip: 141.81.0.10
- dest_port: 139
- event_type: smb
- pcap_cnt: 3714
- proto: TCP
- smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
- smb.dialect: NT LM 0.12
- smb.id: 3
- smb.ntlmssp.domain: ''
- smb.ntlmssp.host: PANELPC02
- smb.ntlmssp.user: ''
- smb.request.native_lm: Windows 2002 5.1
- smb.request.native_os: Windows 2002 Service Pack 3 2600
- smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
- smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
- smb.session_id: 57346
- smb.status: STATUS_SUCCESS
- smb.status_code: '0x0'
- smb.tree_id: 0
- src_ip: 141.81.0.182
- src_port: 4548
-- filter:
- count: 1
- match:
- dest_ip: 141.81.0.10
- dest_port: 139
- event_type: smb
- pcap_cnt: 3718
- proto: TCP
- smb.command: SMB1_COMMAND_TREE_CONNECT_ANDX
- smb.dialect: NT LM 0.12
- smb.id: 4
- smb.named_pipe: \IAS01\IPC$
- smb.service.request: ?????
- smb.service.response: IPC
- smb.session_id: 57346
- smb.status: STATUS_SUCCESS
- smb.status_code: '0x0'
- smb.tree_id: 57349
- src_ip: 141.81.0.182
- src_port: 4548
-- filter:
- count: 1
- match:
- dest_ip: 141.81.0.10
- dest_port: 139
- event_type: smb
- pcap_cnt: 3721
- proto: TCP
- smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
- smb.dialect: NT LM 0.12
- smb.id: 5
- smb.request.native_lm: Windows 2002 5.1
- smb.request.native_os: Windows 2002 Service Pack 3 2600
- smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
- smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
- smb.session_id: 12291
- smb.status: STATUS_MORE_PROCESSING_REQUIRED
- smb.status_code: '0xc0000016'
- smb.tree_id: 0
- src_ip: 141.81.0.182
- src_port: 4548
-- filter:
- count: 1
- match:
- dest_ip: 141.81.0.10
- dest_port: 139
- event_type: smb
- pcap_cnt: 3729
- proto: TCP
- smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
- smb.dialect: NT LM 0.12
- smb.id: 6
- smb.ntlmssp.domain: PANELPC02
- smb.ntlmssp.host: PANELPC02
- smb.ntlmssp.user: Administrator
- smb.request.native_lm: Windows 2002 5.1
- smb.request.native_os: Windows 2002 Service Pack 3 2600
- smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
- smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
- smb.session_id: 12291
- smb.status: STATUS_SUCCESS
- smb.status_code: '0x0'
- smb.tree_id: 0
- src_ip: 141.81.0.182
- src_port: 4548
-- filter:
- count: 1
- match:
- dest_ip: 141.81.0.10
- dest_port: 139
- event_type: smb
- pcap_cnt: 3731
- proto: TCP
- smb.command: SMB1_COMMAND_TREE_CONNECT_ANDX
- smb.dialect: NT LM 0.12
- smb.id: 7
- smb.service.request: ?????
- smb.session_id: 12291
- smb.share: \IAS01\ARCHESTRA-ENGWESTBURY-INTOUCHVIEWAPP_PANELPC02
- smb.status: STATUS_BAD_NETWORK_NAME
- smb.status_code: '0xc00000cc'
- smb.tree_id: 0
- src_ip: 141.81.0.182
- src_port: 4548
-- filter:
- count: 1
- match:
- dest_ip: 141.81.0.10
- dest_port: 139
- event_type: smb
- pcap_cnt: 3844
- proto: TCP
- smb.command: SMB1_COMMAND_LOGOFF_ANDX
- smb.dialect: NT LM 0.12
- smb.id: 8
- smb.session_id: 12291
- smb.status: STATUS_SUCCESS
- smb.status_code: '0x0'
- smb.tree_id: 0
- src_ip: 141.81.0.182
- src_port: 4548
-- filter:
- count: 1
- match:
- dcerpc.call_id: 17305
- dcerpc.interfaces[0].ack_result: 0
- dcerpc.interfaces[0].uuid: 99fcfec4-5260-101b-bbcb-00aa0021347a
- dcerpc.interfaces[0].version: '0.0'
- dcerpc.request: BIND
- dcerpc.response: BINDACK
- dcerpc.rpc_version: '5.0'
- dest_ip: 141.81.0.10
- dest_port: 135
- event_type: dcerpc
- pcap_cnt: 5051
- proto: TCP
- src_ip: 141.81.0.187
- src_port: 3802
-- filter:
- count: 1
- match:
- dest_ip: 141.81.0.10
- dest_port: 139
- event_type: smb
- pcap_cnt: 10846
- proto: TCP
- smb.command: SMB1_COMMAND_LOGOFF_ANDX
- smb.dialect: NT LM 0.12
- smb.id: 9
- smb.session_id: 57346
- smb.status: STATUS_SUCCESS
- smb.status_code: '0x0'
- smb.tree_id: 0
- src_ip: 141.81.0.182
- src_port: 4548
-- filter:
- count: 1
- match:
- dest_ip: 141.81.0.10
- dest_port: 139
- event_type: smb
- pcap_cnt: 10849
- proto: TCP
- smb.command: SMB1_COMMAND_TREE_DISCONNECT
- smb.dialect: NT LM 0.12
- smb.id: 10
- smb.session_id: 57346
- smb.status: STATUS_SUCCESS
- smb.status_code: '0x0'
- smb.tree_id: 57349
- src_ip: 141.81.0.182
- src_port: 4548