Zeek Package for Bad Neighbor Detection

Zeek master Test Status Documentation Status Coverage Status Template Status

Detects CVE-2020-16898 and CVE-2020-16899: "Bad Neighbor"

Quick Start

If you already have Zeek and zkg installed, simply run:

zkg install

If this is being installed on a cluster, install the package on the manager, then deploy it via:

zeekctl deploy

Updating and Unloading

We use SemVer for versioning. For the versions available, see the tags on this repository. You can pass an additional argument to the install command with the desired version.

To upgrade to the latest version run:

zkg upgrade cve-2020-16898

You can modify the above command by replacing upgrade with:

  • unload, to configure Zeek to not load the package on startup.
  • load, to configure Zeek to load the package on startup (default after an install).
  • remove, to delete the package from the system.

If you're operating in a cluster, after performing any of the above changes, you'll need to re-run zeekctl deploy.


Zeek v3.3 Test Status Zeek v3.2 Test Status Zeek v3.1 Test Status Zeek v3.0 Test Status

This is a package designed to run with the Zeek Network Security Monitor. First, get Zeek. We strive to support both the current feature and LTS releases.

The recommended installation method is via the Zeek package manager, zkg. Follow the Quickstart guide.

To have Zeek load packages managed by zkg, ensure that @load packages is being loaded by Zeek.

This package is also tested with the following legacy Zeek (Bro) versions, although their use is strongly discouraged, due to security and performance issues and continued compatability is not supported.

Zeek v2.6 Test Status Zeek v2.5 Test Status Zeek v2.4 Test Status Zeek v2.3 Test Status


Contributions are welcome! The easiest way to give back is to comment on issues that are important to you -- even a quick reaction (thumbs-up/heart/thumbs-down) would help us prioritize issues.

There's a more in-depth contribution guide which lays out some ways that anyone can help.

Package Template

This package was created with a template, using Cruft. A CI job checks for updates to the template. To update the package, simply run:

pip install -U cruft
cruft update


This project is licensed under the BSD license. See the LICENSE file for details.

Package Version :