Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/scripts/base
History
Johanna Amann 6023c8b906 SSH: make banner parsing more robust 
This change revamps SSH banner parsing.  The previous behavior was both
a bit too strict in some regards, and too permissive in other.

Specifically, clients are now required to send a line starting with
"SSH-" as the first line.  This is in line with the RFC, as well with
observed behavior. This also prevents the creation of `ssh.log` for
non-SSH traffic on port 22.

For the server side, we now accept text before the SSH banner. This
previously led to a protocol violation but is allowed by the spec.

New tests are added to cover these cases.
2025-03-18 16:19:33 +00:00
..
files Merge branch 'files_pe_timestamp_sync' of https://github.com/mvhensbergen/zeek 2024-05-29 14:16:31 +01:00
frameworks Add two protocol mismatch testcases 2025-03-04 15:38:20 +00:00
misc Parse and store localversion string 2024-04-17 14:17:22 -07:00
protocols SSH: make banner parsing more robust 2025-03-18 16:19:33 +00:00
utils Add interval_as_double argument to control how intervals are converted to JSON 2024-12-03 09:26:08 -07:00