Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base/frameworks
History
Arne Welzel 3f5cb75a2a ftp: Introduce FTP::max_command_length 
oss-fuzz produced FTP traffic with a ~550KB long FTP command. Cap FTP command
length at 100 bytes, log a weird if a command is larger than that and move
on to the next. Likely it's not actual FTP traffic, but raising an
analyzer violation would allow clients an easy way to disable the analyzer
by sending an overly long command.

The added test PCAP was generated using a fake Python socket server/client.
2022-11-21 09:36:29 +01:00
..
analyzer analyzer: Add file_analyzer support to enable_analyzer()/disable_analyzer() 2022-09-30 11:47:56 +02:00
broker Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
cluster Merge remote-tracking branch 'origin/topic/awelzel/2528-cluster-layout-content-warning' 2022-11-07 11:28:57 +01:00
config Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
control annotate base scripts with &is_used as needed 2022-05-26 17:39:17 -07:00
dpd analyzer/dpd: Address review comments 2022-09-06 14:32:10 +02:00
files Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
input More bro-to-zeek renaming in scripts and other files 2019-05-16 02:36:41 -05:00
intel scripts: Migrate table iteration to blank identifiers 2022-10-24 10:36:09 +02:00
logging Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
netcontrol Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
notice ftp: Introduce FTP::max_command_length 2022-11-21 09:36:29 +01:00
openflow Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
packet-filter Merge remote-tracking branch 'origin/topic/awelzel/blank-identifer' 2022-10-25 12:36:23 +02:00
reporter Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
signatures deprecation messages for unused base script functions 2022-05-27 14:36:30 -07:00
software deprecation messages for unused base script functions 2022-05-27 14:36:30 -07:00
sumstats Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
supervisor Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
telemetry telemetry: In a cluster, open port 9911 for Prometheus by default 2022-08-26 09:42:12 +02:00
tunnels Add GTPv1 packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00