[Snort-sigs] Successful anonymous ftp login rules...

darrell hyde darrell at ...1614...
Wed Jun 18 10:56:10 EDT 2003


Has anyone ever written a signature that matches anonymous ftp login
successes rather than just attempts? Our network gets scanned all the time
for anonymous login, but finding a misconfigured box to connect to is
extremely rare. As a result the FTP login attempts aren't all that useful
from our end, just successful logins. Any help would be tremendously
appreciated. Thanks!

- Darrell





More information about the Snort-sigs mailing list