[Snort-users] Can't get Identify open data channels to YES

Reinoud Koornstra sockstat at ...125...
Wed Sep 11 17:19:12 EDT 2013


Hi Everyone,

 

I am trying to get the ftp data to be checked completely.

When running snort it tells me:

 

    FTP CONFIG:
      FTP Server: default
        Ports (PAF): 21 2100 3535 
        Check for Telnet Cmds: YES alert: YES
        Ignore Telnet Cmd Operations: YES alert: YES
        Identify open data channels: NO


How can i get Identify open data channels to YES?

Here the part of my snort.conf that matters:

 

preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no check_encrypted
preprocessor ftp_telnet_protocol: telnet \
    ayt_attack_thresh 20 \
    normalize ports { 23 } \
    detect_anomalies
preprocessor ftp_telnet_protocol: ftp server default \
    def_max_param_len 100 \
    ports { 21 2100 3535 } \
    telnet_cmds yes \
    ignore_telnet_erase_cmds yes \
    ignore_data_chan no \


What am I doing wrong?

Thanks,

 

Reinoud.
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130911/edc93efd/attachment.html>


More information about the Snort-users mailing list