mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
68aead024a
It relies on the heuristics of GridFTP data channels commonly default to SSL mutual authentication with a NULL bulk cipher and that they usually transfer large datasets (default threshold of script is 1 GB). The script also defaults to skip_further_processing() after detection to try to save cycles analyzing the large, benign connection. Also added a script in base/protocols/conn/polling that generalizes the process of polling a connection for interesting features. The GridFTP data channel detection script depends on it to monitor bytes transferred. |
||
|---|---|---|
| .. | ||
| base | ||
| policy | ||
| site | ||
| CMakeLists.txt | ||
| test-all-policy.bro | ||