###############################################################################
# OOB (WinNuke) Module -
#
# WinNuke DoS attack.  Looks for the Urgent Pointer == 3, which
# caused NT/95 boxes to fall over.
#
# Detection only: each matching packet is written as one
# (time, source address, destination address) record to the_recorder.
#
# -sili@l0pht.com
###############################################################################

# Record layout: one time value followed by two IP addresses, matching the
# three fields the filter below records (system.time, ip.src, ip.dst).
# NOTE(review): the meaning of the leading 1 is not visible here -- confirm
# against the library_schema reference.
the_schema= library_schema:new( 1, [ "time","ip","ip" ], scope() );

# Declared for TCP traffic with destination port 139.
# NOTE(review): "client" presumably limits the filter to the client-to-server
# direction -- confirm.
filter oob tcp (client, dport: 139) {
	# Value compared against 3 below, read with long() at offset 16 of ip.blob.
	# NOTE(review): if ip.blob starts at the TCP header, offset 16 is the
	# checksum field and the urgent pointer is the 16-bit field at offset 18;
	# a 4-byte read at 16 would then span checksum + urgent pointer and equal 3
	# only when the checksum is zero. Verify the offset and width against the
	# N-Code reference and a captured sample before relying on this filter.
	$urgpointer=long(ip.blob,16);
	#Urgent == OOB
	# Exact match on 3 only: a packet carrying any other urgent pointer value is
	# not recorded. The TCP URG flag itself is not tested anywhere in this
	# filter, so the match rests on this field value alone.
	if ($urgpointer == 3)
		record system.time, ip.src, ip.dst to the_recorder;
}

# Recorder that receives the filter's records. The first argument names the
# backend and its config file; the second refers to the_schema by name.
the_recorder=recorder("bin/histogram packages/test/oob.cfg", "the_schema");