Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base/protocols
History
Arne Welzel b745556d36 ftp: Do not base seq on number of pending commands 
Previously, seq was computed as the result of |pending_commands|+1. This
opened the possibility to override queued commands, as well as logging
the same pending ftp reply multiple times.

For example, when commands 1, 2, 3 are pending, command 1 may be dequeued,
but the incoming command then receives seq 3 and overrides the already
pending command 3. The second scenario happens when ftp_reply() selected
command 3 as pending for logging, but is then followed by many ftp_request()
events. This resulted in command 3's response being logged for every
following ftp_request() over and over again.

Avoid both scenarios by tracking the command sequence as an absolute counter.
2023-10-25 10:05:09 -07:00
..
conn Expand Conn::Info$duration comment to clarify TCP end-of-connection handling 2022-11-30 09:39:57 -08:00
dce-rpc Merge remote-tracking branch 'origin/topic/awelzel/3145-dcerpc-state-clean' 2023-08-08 12:55:21 -07:00
dhcp Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
dnp3 Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
dns dns: Remove AD and CD flags from log 2023-03-16 10:09:27 +01:00
finger Add BIF have_spicy_analyzers(). 2023-02-03 13:47:26 +01:00
ftp ftp: Do not base seq on number of pending commands 2023-10-25 10:05:09 -07:00
http http/smtp: Fix wrong character class usage 2023-09-12 09:40:38 -07:00
imap Merge remote-tracking branch 'origin/topic/seth/zeek_init' 2019-04-19 11:24:29 -07:00
irc Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
krb Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
modbus Add a field to Modbus/TCP log to indicate the Modbus PDU type 2022-07-24 02:41:26 +00:00
mqtt mqtt: Move from policy/ into base/ 2022-11-30 10:14:20 +01:00
mysql MySQL: Fix endianness, introduce mysql_eof() event 2023-01-27 10:59:23 +01:00
ntlm scripts/dce-rpc,ntlm: Do not load base/frameworks/dpd 2022-08-31 16:50:37 +02:00
ntp &is_set => &is_assigned 2021-02-04 12:18:46 -08:00
pop3 Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
radius deprecation messages for unused base script functions 2022-05-27 14:36:30 -07:00
rdp Merge remote-tracking branch 'jeff-bb/patch-2' 2023-01-23 12:50:23 -07:00
rfb Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
sip Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
smb scripts/smb2-main: Reset script-level state upon smb2_discarded_messages_state() 2023-05-03 11:22:01 +02:00
smtp http/smtp: Fix wrong character class usage 2023-09-12 09:40:38 -07:00
snmp Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
socks Merge remote-tracking branch 'origin/topic/awelzel/3099-fix-and-extend-socks5-sig' 2023-06-12 11:01:14 -07:00
ssh ssh: Test for c$ssh$analyzer_id existence 2022-11-16 16:35:57 +01:00
ssl ssl: Prevent unbounded ssl_history growth 2023-10-25 10:05:09 -07:00
syslog Add BIF have_spicy_analyzers(). 2023-02-03 13:47:26 +01:00
tunnels Add Teredo packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00
xmpp Merge remote-tracking branch 'origin/topic/seth/zeek_init' 2019-04-19 11:24:29 -07:00