[Snort-users] Can't get Identify open data channels to YES

Reinoud Koornstra sockstat at ...125...
Wed Sep 11 17:19:12 EDT 2013

Hi Everyone,


I am trying to get the ftp data to be checked completely.

When running snort it tells me:


      FTP Server: default
        Ports (PAF): 21 2100 3535 
        Check for Telnet Cmds: YES alert: YES
        Ignore Telnet Cmd Operations: YES alert: YES
        Identify open data channels: NO

How can i get Identify open data channels to YES?

Here the part of my snort.conf that matters:


preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no check_encrypted
preprocessor ftp_telnet_protocol: telnet \
    ayt_attack_thresh 20 \
    normalize ports { 23 } \
preprocessor ftp_telnet_protocol: ftp server default \
    def_max_param_len 100 \
    ports { 21 2100 3535 } \
    telnet_cmds yes \
    ignore_telnet_erase_cmds yes \
    ignore_data_chan no \

What am I doing wrong?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130911/edc93efd/attachment.html>

More information about the Snort-users mailing list