[Bro-Dev] #891: topic/jsiwek/gridftp
Bro Tracker
bro at tracker.bro-ids.org
Mon Oct 8 11:33:37 PDT 2012
#891: topic/jsiwek/gridftp
---------------------------+------------------------
Reporter: jsiwek | Owner:
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
---------------------------+------------------------
This branch exists in `bro`, `bro-testing`, and `bro-testing-private`
repos and adds support for GridFTP detection.
Relevant commits are:
[e34f6d9e3b1475828e11b590211311581dd05955/bro]
[49b8c7e3909ba0b57019285eaa07022c44f45270/bro]
[68aead024ab4a93ac83dc83f5ba61427bd1401e4/bro]
Summarized changes are:
- Add generic connection polling script: base/protocols/conn/polling.bro
- Add GridFTP detection script (mostly deals with GridFTP data channel
  detection): base/protocols/ftp/gridftp.bro
- Add a new support analyzer which looks at FTP requests for AUTH GSSAPI
  and forwards data to an SSL analyzer instance if it looks like the GSI
  mechanism. This makes it possible to identify GridFTP control channels.
- Change FTP analyzer to no longer skip further analysis of a connection
  if the server accepts an AUTH request.
- SSL client certificates are now tracked/logged by default.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/891>
Bro Tracker <http://tracker.bro-ids.org/bro>