Snort mailing list archives

Re: Alerts of ftp_telnet

From: Joel Esler <jesler () sourcefire com>
Date: Mon, 9 Aug 2010 08:32:19 -0400

On Aug 9, 2010, at 5:35 AM, Chong Lee Poh wrote:

Hi,
 
I am getting the following alerts between 2 unrelated servers:
 
(ftp_telnet) Invalid FTP Command



 #> grep "Invalid FTP" /etc/snort/gen-msg.map 
125 || 2 || ftp_pp: Invalid FTP command

125-2.txt is the file you are looking for in the docs that are included in the rule tarball downloaded from snort.org

(ftp_telnet) Evasive (incomplete) TELNET CMD on FTP Command Channel


Likewise for the above, 125-9.txt is the file you are looking for in the docs.

------------------------------------------------------------------------------
This SF.net email is sponsored by 

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Current thread:

Alerts of ftp_telnet Chong Lee Poh (Aug 09)
- Re: Alerts of ftp_telnet Joel Esler (Aug 09)