mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
68aead024a
It relies on the heuristics of GridFTP data channels commonly default to SSL mutual authentication with a NULL bulk cipher and that they usually transfer large datasets (default threshold of script is 1 GB). The script also defaults to skip_further_processing() after detection to try to save cycles analyzing the large, benign connection. Also added a script in base/protocols/conn/polling that generalizes the process of polling a connection for interesting features. The GridFTP data channel detection script depends on it to monitor bytes transferred.
4 lines
65 B
Text
4 lines
65 B
Text
@load ./main
|
|
@load ./contents
|
|
@load ./inactivity
|
|
@load ./polling
|