zeek/scripts/base/protocols/ftp
Arne Welzel 31b548babc ftp: Reset fuid after logging
A user reported being confused about the fuid association of subsequent
FTP commands when a data transfer has completed. It seems reasonable to
unset fuid upon logging an FTP command which had a fuid.

The current behavior results in the PORT or PASV commands after a RETR or STOR
to have the fuid of the prior file transfer. Similarly, any CWD or DEL commands
following a file transfer will unnecessarily be logged with the fuid of the
prior file transfer.

This tickles the baselines for the private testing PCAP a lot, primarily
because the data connections in that pcap are never established properly.
E.g., the fuids FzDzid1Dxm9srVKHXf and FEfYX73q5C6GEQZXX9 have been re-used
for multiple commands.

This may look like we're losing information, but the fuids vanishing
in the normal btests belong to a LIST command that isn't logged by
default into ftp.log. If it was, the fuid would be attached to it.
2024-02-21 12:41:32 +01:00
__load__.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
dpd.sig Moved DPD signatures into script specific directories. 2013-07-09 22:44:55 -04:00
files.zeek ftp: Reset fuid after logging 2024-02-21 12:41:32 +01:00
gridftp.zeek Small bugfix and updates for external test hashes (SSL/X509) 2021-06-29 15:25:08 +01:00
info.zeek ftp: Reset fuid after logging 2024-02-21 12:41:32 +01:00
main.zeek ftp: Reset fuid after logging 2024-02-21 12:41:32 +01:00
README Add README files for base/protocols 2013-10-17 12:47:32 -05:00
utils-commands.zeek ftp: Do not base seq on number of pending commands 2023-10-24 19:10:07 +02:00
utils.zeek GH-234: rename Broxygen to Zeexygen along with roles/directives 2019-04-22 19:45:50 -07:00

Support for File Transfer Protocol (FTP) analysis.