Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/scripts/base
History
Arne Welzel 1b3e8a611e ftp/main: Skip get_pending_command() for intermediate reply lines 
Intermediate lines of multiline replies usually do not contain valid status
codes (even if servers may opt to include them). Their content may be anything
and likely unrelated to the original command. There's little reason for us
trying to match them with a corresponding command.

OSS-Fuzz generated a large command reply with very many intermediate lines
which caused long processing times due to matching every line with all
currently pending commands.
This is a DoS vector against Zeek. The new ipv6-multiline-reply.trace and
ipv6-retr-samba.trace files have been extracted from the external ipv6.trace.
2023-03-23 13:50:36 +01:00
..
files Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
frameworks Add pcap_file option to supervised nodes. 2023-03-21 16:18:02 +01:00
misc annotate base scripts with &is_used as needed 2022-05-26 17:39:17 -07:00
packet-protocols Use a default analyzer 2023-02-16 19:39:27 -07:00
protocols ftp/main: Skip get_pending_command() for intermediate reply lines 2023-03-23 13:50:36 +01:00
utils Treat private address space as site-local by default 2023-03-15 17:01:00 -07:00
init-bare.zeek RunState: Implement forward_network_time_if_applicable() 2023-03-23 12:40:39 +01:00
init-default.zeek Provide infrastructure to migrate legacy analyzers to Spicy. 2023-02-01 11:33:48 +01:00
init-frameworks-and-bifs.zeek analyzer: Add analyzer.log for logging violations/confirmations 2023-01-09 18:11:49 +01:00
init-supervisor.zeek Establish a separate init script when using the supervisor 2021-07-08 13:12:53 -07:00