mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
68aead024a
It relies on the heuristics of GridFTP data channels commonly default to SSL mutual authentication with a NULL bulk cipher and that they usually transfer large datasets (default threshold of script is 1 GB). The script also defaults to skip_further_processing() after detection to try to save cycles analyzing the large, benign connection. Also added a script in base/protocols/conn/polling that generalizes the process of polling a connection for interesting features. The GridFTP data channel detection script depends on it to monitor bytes transferred. |
||
|---|---|---|
| .. | ||
| conn | ||
| ftp | ||
| http | ||
| irc | ||
| smtp | ||
| socks | ||
| ssl | ||