
FTP PrePreproc Alerts: msg#00018

security.ids.snort.devel

Subject: FTP PrePreproc Alerts

ftp_pp: FTP malformed parameter is triggering on:

DST: 250 "/bmtmicro/DLC_WEB/Picture Window (BMT Micro)/Picture Window
Doc" is new cwd.
DST:
SRC: MDTM Color Management Terms.pdf
SRC:
DST: 213 20040622074516
DST:
SRC: SIZE Color Management Terms.pdf
SRC:
DST: 213 251003
DST:

I am using the std config on snort-2.6.0:
preprocessor ftp_telnet_protocol: ftp server default \
def_max_param_len 100 \
alt_max_param_len 200 { CWD } \
cmd_validity MODE < char ASBCZ > \
cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
telnet_cmds yes \
data_chan


Looks like the format looks for an optional date followed by a string.
Could the spaces in the filename be causing the alert to be generated?

Bammkkkk



--
sguil - The Analyst Console for NSM
http://sguil.sf.net


