Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 23:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/scripts/base/frameworks/notice
History
Arne Welzel 3f5cb75a2a ftp: Introduce FTP::max_command_length 
oss-fuzz produced FTP traffic with a ~550KB long FTP command. Cap FTP command
length at 100 bytes, log a weird if a command is larger than that and move
on to the next. Likely it's not actual FTP traffic, but raising an
analyzer violation would allow clients an easy way to disable the analyzer
by sending an overly long command.

The added test PCAP was generated using a fake Python socket server/client.
2022-11-21 09:36:29 +01:00
..
actions Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
__load__.zeek GH-379: move catch-and-release and unified2 scripts to policy/ 2019-06-05 13:33:45 -07:00
main.zeek Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
README More bro-to-zeek renaming in scripts and other files 2019-05-16 02:36:41 -05:00
weird.zeek ftp: Introduce FTP::max_command_length 2022-11-21 09:36:29 +01:00

README 

The notice framework enables Zeek to "notice" things which are odd or
potentially bad, leaving it to the local configuration to define which
of them are actionable.  This decoupling of detection and reporting allows
Zeek to be customized to the different needs that sites have.