[Snort-devel] ftp_telnet_protocol ftp_cmds command length

Jason Wallace jason.r.wallace at ...2499...
Thu Mar 19 11:29:29 EDT 2009


When attempting to add the following option to 'preprocessor
ftp_telnet_protocol: ftp server default'

ftp_cmds { XSHA1 }

I received the following error when restarting snort...

FATAL ERROR: /etc/snort/snort.conf(575) => FTP Commands are no longer
than 4 characters: 'XSHA1'.

This is a valid command on some ftp servers. Maybe the command length
should be increased to 5 or maybe a new option like

ftp_cmds_alt_len <char length>

could be implemented to allow user control of the length.

Wally




More information about the Snort-devel mailing list