zeek/scripts/base/protocols
Jon Siwek 68aead024a Add an example of a GridFTP data channel detection script.
It relies on the heuristics that GridFTP data channels commonly default to
SSL mutual authentication with a NULL bulk cipher and that they usually
transfer large datasets (default threshold of script is 1 GB).  The
script also defaults to skip_further_processing() after detection to try
to save cycles analyzing the large, benign connection.

Also added a script in base/protocols/conn/polling that generalizes the
process of polling a connection for interesting features.  The GridFTP
data channel detection script depends on it to monitor bytes
transferred.
2012-10-01 12:32:24 -05:00
conn Add an example of a GridFTP data channel detection script. 2012-10-01 12:32:24 -05:00
dns Fix bug, where in dns.log rcode always was set to 0/NOERROR when 2012-07-17 14:16:15 -07:00
ftp Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00
http Changing HTTP DPD port 3138 to 3128. 2012-07-20 09:57:38 -07:00
irc Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00
smtp Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00
socks Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00
ssh Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00
ssl Mozilla's current certificate bundle. 2012-07-13 22:24:34 -04:00
syslog Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00