Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base/protocols
History
Jon Siwek 49b8c7e390 Add analyzer for GSI mechanism of GSSAPI FTP AUTH method. 
GSI authentication involves an encoded TLS/SSL handshake over the FTP
control session.  Decoding the exchanged tokens and passing them to an
SSL analyzer instance allows use of all the familiar script-layer events
in inspecting the handshake (e.g. client/server certificats are
available).  For FTP sessions that attempt GSI authentication, the
service field of the connection record will have both "ftp" and "ssl".

One additional change is an FTP server's acceptance of an AUTH request
no longer causes analysis of the connection to cease (because further
analysis likely wasn't possible).  This decision can be made more
dynamically at the script-layer (plus there's now the fact that further
analysis can be done at least on the GSSAPI AUTH method).
2012-10-05 10:43:23 -05:00
..
conn Add an example of a GridFTP data channel detection script. 2012-10-01 12:32:24 -05:00
dns Fix bug, where in dns.log rcode always was set to 0/NOERROR when 2012-07-17 14:16:15 -07:00
ftp Add analyzer for GSI mechanism of GSSAPI FTP AUTH method. 2012-10-05 10:43:23 -05:00
http Changing HTTP DPD port 3138 to 3128. 2012-07-20 09:57:38 -07:00
irc Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00
smtp Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00
socks Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00
ssh Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00
ssl Mozilla's current certificate bundle. 2012-07-13 22:24:34 -04:00
syslog Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00