Snort mailing list archives
RE: Acid and Mysql with Snort
From: James Hoagland <hoagland () SiliconDefense com>
Date: Sat, 13 Jul 2002 08:53:25 -0700
At 4:48 PM +0200 7/12/02, Richard Menedetter wrote:
Spade question: every time I do an FTP transfer spade shows me a high anomaly value from ftp:20 to me:xxx. Can't spade ignore such FTP connections?
Not presently. It is non-trivial to tell if this is really part of an FTP session or just some clever scanner trying to avoid detection by making it look like FTP traffic. One would need to do FTP protocol and session analysis.
If someone is looking for a good project, they could write a facility for snort to identify packets that are part of an FTP session and those that aren't. Spade could use this to ignore those that are part of an FTP session. Other parts of Snort might be able to benefit from this too.
Best regards,
Jim
--
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland () SiliconDefense com, http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
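One way to do the FTP session analysis the reply describes, as an added example (not part of the original message, and not Snort or Spade code): it records the data endpoints announced by PORT commands and 227 replies on the control connection and treats a connection as FTP data only if it matches a live announcement. The class and function names, the 30-second lifetime and the sample addresses are assumptions.

```python
import re
from dataclasses import dataclass, field

HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
TTL = 30.0  # seconds an announced data endpoint stays valid (assumed value)

def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and 227 replies (RFC 959)."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

@dataclass
class FtpDataTracker:
    # (src_ip, src_port or None, dst_ip, dst_port) -> expiry time
    expected: dict = field(default_factory=dict)

    def control_line(self, now, client, server, from_client, line):
        """Feed one line seen on an established port-21 control connection."""
        verb = line.strip().split(" ", 1)[0].upper()
        if from_client and verb == "PORT":
            ep = parse_hostport(line)
            # Active mode: server port 20 will connect to the client.
            # A PORT command naming a third host is not recorded.
            if ep and ep[0] == client:
                self.expected[(server, 20, client, ep[1])] = now + TTL
        elif not from_client and verb == "227":
            ep = parse_hostport(line)
            # Passive mode: the client connects from any port to the server.
            if ep and ep[0] == server:
                self.expected[(client, None, server, ep[1])] = now + TTL

    def is_ftp_data(self, now, src, sport, dst, dport):
        """True only for a connection matching a live, unused announcement."""
        for key in ((src, sport, dst, dport), (src, None, dst, dport)):
            expiry = self.expected.pop(key, None)
            if expiry is not None and now <= expiry:
                return True
        return False

if __name__ == "__main__":  # constructed sample traffic (RFC 5737 addresses)
    t = FtpDataTracker()
    t.control_line(0.0, "198.51.100.7", "192.0.2.10", True, "PORT 198,51,100,7,4,1")
    print(t.is_ftp_data(1.0, "192.0.2.10", 20, "198.51.100.7", 1025))
    print(t.is_ftp_data(1.0, "192.0.2.10", 20, "198.51.100.7", 1026))
```

A packet from source port 20 that matches no announcement stays visible to the anomaly detector, which is the case the reply is concerned about.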