Snort mailing list archives

log ftp servers in our network

From: Banai Zoltan <bazooka () emitel hu>
Date: Sun, 14 Apr 2002 20:38:33 +0200

Hi!

[Please CC me]

Short:
Is it possible to log that there is ftp server in our network on _any_ port?

Detailed:
I have a router. There is not allowed to run ftp/www server in our net.
Is ther a method to analyze all connections going throu the router 
(couse of there might be servers on different port than usal)
and determine if it is an ftp/www session and if it is then log the ip
of the server that is running ftp/www.
I think there is a need to reassembly the connection and match things in the whole
connection?
Is it possible? How can i do that? Where to read about doing that?

Best, Banai

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

log ftp servers in our network Banai Zoltan (Apr 14)
- Re: log ftp servers in our network Erek Adams (Apr 14)
- Message not available
  - Re: log ftp servers in our network Magnus (Apr 14)
- <Possible follow-ups>
- Re: log ftp servers in our network piotr . bulczak (Apr 15)