Merge in SNORT/snort3 from ~AMUTTUVA/snort3:telnet_block to master
Squashed commit of the following:
commit
e862f9ad8ae83f116d57eb74bb8ebeef0566d7d8
Author: Akhilesh MY <amuttuva@cisco.com>
Date: Mon May 12 07:45:34 2025 -0400
telnet: handle ayt commands in splitter
#define FTPP_PORT_ATTACK 9
#define FTPP_INVALID_SESSION 10
+#define FTPP_AYT_FOUND 11
#define FTPP_OR_FOUND 100
#define FTPP_OPT_END_FOUND 101
if (iRet == FTPP_ALERT)
DetectionEngine::queue_event(GID_FTP, FTP_EVASIVE_TELNET_CMD);
+ else if (iRet == FTPP_AYT_FOUND)
+ DetectionEngine::queue_event(GID_FTP, FTP_TELNET_CMD);
+
return iRet;
}
return FTPP_ALERT;
}
}
+ else if (on_ftp_channel && p->dsize == 2)
+ return FTPP_AYT_FOUND;
/* Fall through */
case TNC_BRK:
case TNC_DM:
if (p->flow)
{
TelnetFlowData* fd = (TelnetFlowData*)
- p->flow->get_flow_data(FtpFlowData::inspector_id);
+ p->flow->get_flow_data(TelnetFlowData::inspector_id);
ft_ssn = fd ? &fd->session.ft_ssn : nullptr;
else
{
assert(false);
- p->flow->free_flow_data(FtpFlowData::inspector_id);
+ p->flow->free_flow_data(TelnetFlowData::inspector_id);
return 0;
}
}
{
if ( *read_ptr == (unsigned char)TNC_SB )
state = TELNET_IAC_SB;
+ else if ( *read_ptr == (unsigned char)TNC_AYT )
+ {
+ state = TELNET_NONE;
+ fp_ptr = read_ptr;
+ }
else if ( *read_ptr != (unsigned char)TNC_IAC )
state = TELNET_NONE;
break;
projects / thirdparty / snort3.git / commitdiff
