[Snort-users] Finding specific File transfers with Snort?

Josh Oshiro josh at ...155...
Thu Apr 26 12:41:17 EDT 2001


 what you need to do is write a rule for this. Snort can be used for
many things. If there is a pattern in the data stream then snort can be
made to point it out. 
there is a doc on how to write snort rules at snort.org

http://www.snort.org/writing_snort_rules.htm

-- 
josh at ...155...
Snort Support
Silicon Defense

Jürgen Nieveler wrote:
> 
> Hi!
> 
> I'm rather new to Snort, and don't know if this has been covered before:
> 
> Can you use Snort to find out if there is a command "put swinger.jpg" in a
> FTP Session?
> 
> Background:
> 
> I noticed on a couple of old misconfigured FTP-Servers that allowed
> anonymous write access that all contained a file "swinger.jpg", which seems
> to be put there by some scanning robot to test for and mark open servers.
> 
> It would be nice to be able to check for this kind of thing, as it could
> warn you of possible scans from the "warez-kiddies" :-)
> 
> --
> Mit freundlichen Grüßen / Yours sincerely
> 
> Juergen Nieveler
> Encrease AG
> Team eCommerce
> Tel.: +49/241/16008-327
> Fax:  +49/241/16008-354
> Email: juergen.nieveler at ...1917...
> Web: www.encrease.de
> PGP:
> 2AAB A988 0B80 D53F FC53  3BED 8CC0 2092 922D 8378 (DH)
> 5ADF A15E 91E4 98DB  2391 0D29 8B08 A884 (RSA)
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list




More information about the Snort-users mailing list