[Snort-sigs] Alerts of ftp_telnet

Joel Esler jesler at ...435...
Mon Aug 9 08:32:19 EDT 2010


On Aug 9, 2010, at 5:35 AM, Chong Lee Poh wrote:

> Hi,
>  
> I am getting the following alerts between 2 unrelated servers:
>  
> (ftp_telnet) Invalid FTP Command


 #> grep "Invalid FTP" /etc/snort/gen-msg.map 
125 || 2 || ftp_pp: Invalid FTP command

125-2.txt is the file you are looking for in the docs that are included in the rule tarball downloaded from snort.org

> (ftp_telnet) Evasive (incomplete) TELNET CMD on FTP Command Channel
>  

Likewise for the above, 125-9.txt is the file you are looking for in the docs.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20100809/eb1c3e9c/attachment.html>


More information about the Snort-sigs mailing list