'[Zeek] Proposal to remove the finger protocol analyzer'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bro
Subject:    [Zeek] Proposal to remove the finger protocol analyzer
From:       Vlad Grigorescu <vlad () es ! net>
Date:       2020-11-13 0:35:32
Message-ID: CAPqbkwv7zcp9d4qoqTTrqEhjJgjQ94jJjMq6VLamvRhftCCjXw () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


(For some additional context, please see:
https://github.com/zeek/zeek/pull/1243)

I'd like to remove the finger analyzer from core Zeek. The analyzer that's
in place today is incomplete, untested, and is showing its age. It's not
enabled by default, and the functionality to use it is not in Zeek. As
such, I'm proposing that it's simply removed, and not deprecated first.

If you rely on this analyzer today, and feel strongly about it staying,
please let me know. I'd be interested in hearing your use-case(s) and
working on bringing it out of its current state of purgatory, perhaps as a
plug-in.

Lovers of ancient protocols should fear not, however, as I plan on adding a
whois protocol analyzer. The two protocols are closely related, and whois
could be a complete analyzer, with tests. In addition, whois seems more
operationally useful today, as we see attackers running it on once they
gain a foothold, and more tech-savvy users will run it after receiving a
suspicious e-mail.

Many thanks,

  --Vlad

[Attachment #5 (text/html)]

<div dir="ltr"><div>(For some additional context, please see: <a \
href="https://github.com/zeek/zeek/pull/1243">https://github.com/zeek/zeek/pull/1243</a>)</div><div><br></div><div>I&#39;d \
like to remove the finger analyzer from core Zeek. The analyzer that&#39;s in place \
today is incomplete, untested, and is showing its age. It&#39;s not enabled by \
default, and the functionality to use it is not in Zeek. As such, I&#39;m proposing \
that it&#39;s simply removed, and not deprecated first.</div><div><br></div><div>If \
you rely on this analyzer today, and feel strongly about it staying, please let me \
know. I&#39;d be interested in hearing your use-case(s) and working on bringing it \
out of its current state of purgatory, perhaps as a \
plug-in.<br></div><div><br></div><div>Lovers of ancient protocols should fear not, \
however, as I plan on adding a whois protocol analyzer. The two protocols are closely \
related, and whois could be a complete analyzer, with tests. In addition, whois seems \
more operationally useful today, as we see attackers running it on once they gain a \
foothold, and more tech-savvy users will run it after receiving a suspicious \
e-mail.</div><div><br></div><div>Many thanks,</div><div><br></div><div>   \
--Vlad<br></div></div>



--
zeek mailing list -- zeek@lists.zeek.org
To unsubscribe send an email to zeek-leave@lists.zeek.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic