[Snort-sigs] What is "FTP file_id.diz access" about?

Andrew Hintz (Drew) drew at ...486...
Wed Jan 22 12:36:02 EST 2003


Often times warez (pirated software) comes with a file named 'file_id.diz'.
The file gives a description of the pirated software.  However some free and
shareware programs also come with a 'file_id.diz' file.  So it's nothing to
be alarmed about, but it might be worthwhile to take a look at the FTP
server that triggered it and ensure that it hasn't turned into a warez
server.

Jason Haar wrote:
> I've just had that rule trigger three times, and it's classified as
> classtype:suspicious-filename-detect.
>
> Googling for that filename just shows references to BBS software - no
> references to anything dangerous.
>
> Is that rule actually relevent for anything?

--
^Drew

http://guh.nu

--Begin PGP Fingerprint--
3C6C F712 0A52 BD33 C518  5798 9014 CA99 2DA0 5E78
--End PGP Fingerprint--





More information about the Snort-sigs mailing list