mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
68aead024a
It relies on the heuristics of GridFTP data channels commonly default to SSL mutual authentication with a NULL bulk cipher and that they usually transfer large datasets (default threshold of script is 1 GB). The script also defaults to skip_further_processing() after detection to try to save cycles analyzing the large, benign connection. Also added a script in base/protocols/conn/polling that generalizes the process of polling a connection for interesting features. The GridFTP data channel detection script depends on it to monitor bytes transferred. |
||
|---|---|---|
| .. | ||
| frameworks | ||
| misc | ||
| protocols | ||
| utils | ||
| init-bare.bro | ||
| init-default.bro | ||