mirror of
https://github.com/zeek/zeek.git
synced 2025-10-09 10:08:20 +00:00
49b8c7e390
GSI authentication involves an encoded TLS/SSL handshake over the FTP control session. Decoding the exchanged tokens and passing them to an SSL analyzer instance allows use of all the familiar script-layer events in inspecting the handshake (e.g. client/server certificats are available). For FTP sessions that attempt GSI authentication, the service field of the connection record will have both "ftp" and "ssl". One additional change is an FTP server's acceptance of an AUTH request no longer causes analysis of the connection to cease (because further analysis likely wasn't possible). This decision can be made more dynamically at the script-layer (plus there's now the fact that further analysis can be done at least on the GSSAPI AUTH method). |
||
|---|---|---|
| .. | ||
| frameworks | ||
| integration/barnyard2 | ||
| misc | ||
| protocols | ||
| tuning | ||