Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'topic/jgras/pop3-stls-dpd' of https://github.com/J-Gras/zeek

Browse source 
* 'topic/jgras/pop3-stls-dpd' of https://github.com/J-Gras/zeek:
  Add STLS command to POP3 DPD signature
This commit is contained in:
Johanna Amann 2025-05-15 10:21:53 +01:00
commit 9d3e39581e
4 changed files with 10 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

7
CHANGES
View file

@ -1,3 +1,10 @@
8.0.0-dev.100 | 2025-05-15 10:21:53 +0100
* Add STLS command to POP3 DPD signature.
Pop3 connections that use StartTLS now should be detected on non-default ports.
(Jan Grashoefer, Corelight)
8.0.0-dev.96 | 2025-05-13 19:50:47 +0200 8.0.0-dev.96 | 2025-05-13 19:50:47 +0200
* fix for ZAM optimization when an aggregate is modified inside of a loop (Vern Paxson, Corelight) * fix for ZAM optimization when an aggregate is modified inside of a loop (Vern Paxson, Corelight)

2
VERSION
View file

@ -1 +1 @@
8.0.0-dev.96 8.0.0-dev.100

2
scripts/base/protocols/pop3/dpd.sig
View file

@ -8,6 +8,6 @@ signature dpd_pop3_server {
signature dpd_pop3_client { signature dpd_pop3_client {
ip-proto == tcp ip-proto == tcp
payload /(|.*[\r\n])[[:space:]]*([uU][sS][eE][rR][[:space:]]|[aA][pP][oO][pP][[:space:]]|[cC][aA][pP][aA]|[aA][uU][tT][hH])/ payload /(|.*[\r\n])[[:space:]]*([uU][sS][eE][rR][[:space:]]|[aA][pP][oO][pP][[:space:]]|[cC][aA][pP][aA]|[aA][uU][tT][hH]|[sS][tT][lL][sS])/
tcp-state originator tcp-state originator
} }

13
testing/btest/scripts/base/protocols/pop3/starttls.zeek
View file

@ -5,15 +5,4 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/ssl @load base/protocols/ssl
@load base/protocols/pop3
module POP3;
const ports = {
110/tcp
};
redef likely_server_ports += { ports };
event zeek_init() &priority=5
{
Analyzer::register_for_ports(Analyzer::ANALYZER_POP3, ports);
}