zeek/scripts/base/protocols/ftp
Arne Welzel b745556d36 ftp: Do not base seq on number of pending commands
Previously, seq was computed as the result of |pending_commands|+1. This
opened the possibility to override queued commands, as well as logging
the same pending ftp reply multiple times.

For example, when commands 1, 2, 3 are pending, command 1 may be dequeued,
but the incoming command then receives seq 3 and overrides the already
pending command 3. The second scenario happens when ftp_reply() selected
command 3 as pending for logging, but is then followed by many ftp_request()
events. This resulted in command 3's response being logged for every
following ftp_request() over and over again.

Avoid both scenarios by tracking the command sequence as an absolute counter.
2023-10-25 10:05:09 -07:00
__load__.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
dpd.sig Moved DPD signatures into script specific directories. 2013-07-09 22:44:55 -04:00
files.zeek scripts: Migrate table iteration to blank identifiers 2022-10-24 10:36:09 +02:00
gridftp.zeek Small bugfix and updates for external test hashes (SSL/X509) 2021-06-29 15:25:08 +01:00
info.zeek ftp: Do not base seq on number of pending commands 2023-10-25 10:05:09 -07:00
main.zeek ftp: Do not base seq on number of pending commands 2023-10-25 10:05:09 -07:00
README Add README files for base/protocols 2013-10-17 12:47:32 -05:00
utils-commands.zeek ftp: Do not base seq on number of pending commands 2023-10-25 10:05:09 -07:00
utils.zeek GH-234: rename Broxygen to Zeexygen along with roles/directives 2019-04-22 19:45:50 -07:00

Support for File Transfer Protocol (FTP) analysis.