Hi everybody,
is there any particular reason why the DCE_RPC/NTLM protocols are disabled by default in the DPD framework? (both protocols are in DPD::ignore_violations).
Thanks
Mauro
Being in DPD::ignore_violations doesn't exactly mean "DPD is disabled
for those analyzers". It's more like "if an analyzer has previously
issued a protocol confirmation signal, but later issues a protocol
violation signal, then disable that analyzer except if it's in
DPD::ignore_violations". So it's actually used to prevent the
disabling of analyzers.
However, I don't know the origins of DPD::ignore_violations, why it
works that way, or why the DCE_RPC/NTLM protocols are in that set.
- Jon
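
As an added example (not part of the thread and not Zeek's own DPD script): a Bro/Zeek script that reports violations raised by analyzers listed in DPD::ignore_violations, which stay attached as the reply above describes. It assumes a release that still raises the `protocol_violation` event; the commented-out `redef` is how both analyzers would be taken out of the set.

```zeek
# Added example. Assumes a Bro/Zeek release that still raises the
# protocol_violation event; later releases deliver violations through a
# different event.

# Uncomment to remove both analyzers from the set, so that a violation
# disables them like any other analyzer:
# redef DPD::ignore_violations -= { Analyzer::ANALYZER_DCE_RPC, Analyzer::ANALYZER_NTLM };

event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count, reason: string)
	{
	# Analyzers in DPD::ignore_violations are not disabled on a violation,
	# so report each one to see how often that exemption is exercised.
	if ( atype in DPD::ignore_violations )
		print fmt("%s: %s violation ignored, analyzer %d stays attached: %s",
		          c$uid, Analyzer::name(atype), aid, reason);
	}
```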