Snort mailing list archives
Re: Can't get Identify open data channels to YES
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 12 Sep 2013 11:31:54 -0400
Essentially the problem is that the message is wrong when Snort starts. It should say “Ignore Open Data Channels” instead of “Identify Open Data Channels”. But look at the last line you pasted in your config there.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Sep 11, 2013, at 5:19 PM, Reinoud Koornstra <sockstat () hotmail com> wrote:
Hi Everyone,

I am trying to get the ftp data to be checked completely. When running snort it tells me:

    FTP CONFIG:
      FTP Server: default
        Ports (PAF): 21 2100 3535
        Check for Telnet Cmds: YES alert: YES
        Ignore Telnet Cmd Operations: YES alert: YES
        Identify open data channels: NO

How can I get Identify open data channels to YES? Here is the part of my snort.conf that matters:

    preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no check_encrypted
    preprocessor ftp_telnet_protocol: telnet \
        ayt_attack_thresh 20 \
        normalize ports { 23 } \
        detect_anomalies
    preprocessor ftp_telnet_protocol: ftp server default \
        def_max_param_len 100 \
        ports { 21 2100 3535 } \
        telnet_cmds yes \
        ignore_telnet_erase_cmds yes \
        ignore_data_chan no \

What am I doing wrong?

Thanks,
Reinoud.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
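The point of the reply above, as an added example (not code from the thread or from the Snort project): rather than trusting the mislabeled startup line, read the effective `ignore_data_chan` value straight from snort.conf. The function names and the sample text are constructed for illustration, and the default of `no` when the option is absent is an assumption to check against your Snort version's documentation.

```python
import re

# Constructed sample: the ftp server block from the post above.
SAMPLE_CONF = r"""
preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no check_encrypted
preprocessor ftp_telnet_protocol: ftp server default \
    def_max_param_len 100 \
    ports { 21 2100 3535 } \
    telnet_cmds yes \
    ignore_telnet_erase_cmds yes \
    ignore_data_chan no \
"""

FTP_SERVER = re.compile(r"^preprocessor\s+ftp_telnet_protocol:\s*ftp\s+server\s+(\S+)(.*)$")
OPTION = re.compile(r"\bignore_data_chan\s+(yes|no)\b")


def logical_lines(text):
    """Join backslash-continued lines; drop comment lines and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if buf or line:
            yield (buf + line).strip()
        buf = ""
    if buf.strip():  # dangling backslash on the final line, as in the post
        yield buf.strip()


def ftp_data_channel_report(conf_text):
    """Per ftp server block: configured value, what the banner prints, and its meaning."""
    report = {}
    for line in logical_lines(conf_text):
        m = FTP_SERVER.match(line)
        if not m:
            continue
        opt = OPTION.search(m.group(2))
        ignore = opt.group(1) if opt else "no"  # assumption: option defaults to "no"
        report[m.group(1)] = {
            "ignore_data_chan": ignore,
            # Per the reply, the "Identify open data channels" line shows this value.
            "banner_value": ignore.upper(),
            "data_channels_inspected": ignore == "no",
        }
    return report
```

For the configuration in the post, the report shows `ignore_data_chan no`, so the banner's "NO" means the FTP data channels are not being ignored.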
Current thread:
- Can't get Identify open data channels to YES Reinoud Koornstra (Sep 11)
- Re: Can't get Identify open data channels to YES Joel Esler (Sep 12)