zeek/scripts/base/protocols
Arne Welzel 31b548babc ftp: Reset fuid after logging
A user reported being confused about the fuid association of subsequent
FTP commands when a data transfer has completed. It seems reasonable to
unset fuid upon logging an FTP command which had a fuid.

The current behavior results in the PORT or PASV commands after a RETR or STOR
to have the fuid of the prior file transfer. Similarly, any CWD or DEL commands
following a file transfer will unnecessarily be logged with the fuid of the
prior file transfer.

This tickles the baselines for the private testing PCAP a lot, primarily
because the data connections in that pcap are never established properly.
E.g., the fuids FzDzid1Dxm9srVKHXf and FEfYX73q5C6GEQZXX9 have been re-used
for multiple commands.

This may look like we're losing information, but the fuids vanishing
in the normal btests belong to a LIST command that isn't logged by
default into ftp.log. If it was, the fuid would be attached to it.
2024-02-21 12:41:32 +01:00
conn tunnels: Add 'X' to history when reaching Tunnel::max_depth 2024-01-11 10:22:44 +01:00
dce-rpc dce-rpc: Handle smb2_close_request() in scripts 2023-06-30 15:14:35 +02:00
dhcp dhcp: Handle is_orig=T for connections from server to 255.255.255.255 2023-08-28 12:15:55 +02:00
dnp3 Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
dns dns: Remove AD and CD flags from log 2023-03-16 10:09:27 +01:00
finger Add BIF have_spicy_analyzers(). 2023-02-03 13:47:26 +01:00
ftp ftp: Reset fuid after logging 2024-02-21 12:41:32 +01:00
http http/smtp: Fix wrong character class usage 2023-09-12 12:00:36 -07:00
imap Merge remote-tracking branch 'origin/topic/seth/zeek_init' 2019-04-19 11:24:29 -07:00
irc Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
krb Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
ldap fix for logic bug in ldap base script 2024-01-15 15:03:56 +01:00
modbus Pass parsed file record information with ReadFile/WriteFile events 2023-08-07 13:44:38 -07:00
mqtt mqtt: Move from policy/ into base/ 2022-11-30 10:14:20 +01:00
mysql MySQL: Fix endianness, introduce mysql_eof() event 2023-01-27 10:59:23 +01:00
ntlm scripts/dce-rpc,ntlm: Do not load base/frameworks/dpd 2022-08-31 16:50:37 +02:00
ntp &is_set => &is_assigned 2021-02-04 12:18:46 -08:00
pop3 Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
quic quic: Log client's source connection id, too. 2024-01-30 21:46:38 +01:00
radius Remove script functions marked as unused (6.1 deprecations) 2023-06-14 10:07:22 -07:00
rdp Merge remote-tracking branch 'jeff-bb/patch-2' 2023-01-23 12:50:23 -07:00
rfb Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
sip Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
smb smb: Fix &read_expire not in effect due to &default=string_set() usage 2023-12-17 15:02:05 +01:00
smtp Merge remote-tracking branch 'origin/topic/awelzel/3264-smtp-bdat' 2024-01-12 10:49:28 +01:00
snmp Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
socks socks/dpd: Add newer auth methods 2023-06-05 13:55:00 +02:00
ssh ssh: Test for c$ssh$analyzer_id existence 2022-11-16 16:35:57 +01:00
ssl TLS: Update cipher consts and keyexchange parsing 2023-11-27 16:22:24 +00:00
syslog Add BIF have_spicy_analyzers(). 2023-02-03 13:47:26 +01:00
tunnels Add Teredo packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00
websocket websocket: Handle breaking from WebSocket::configure_analyzer() 2024-01-22 18:54:41 +01:00
xmpp Merge remote-tracking branch 'origin/topic/seth/zeek_init' 2019-04-19 11:24:29 -07:00