Snort mailing list archives

Previous By Date Next
Previous By Thread Next

FTP passive data transfer FP's and flowbits

From: Kungu Panda <kungupanda () gmail com>
Date: Mon, 10 Jan 2011 19:19:24 +0000
I am experiencing a large number of false-positive alerts generated from ftp
sessions; specifically ftp data sessions tripping alerts on binary
transfers.

Any recommendations on associating an ftp command channel with an ftp
passive data-channel which, of course, occur on ports from the command
channel?  Association for use with snort flowbits to identify ftp sessions
and eliminate FPs on troublesome rules. . .

Thanks,
K.Panda

------------------------------------------------------------------------------
Gaining the trust of online customers is vital for the success of any company
that requires sensitive data to be transmitted over the Web.   Learn how to 
best implement a security strategy that keeps consumers' information secure 
and instills the confidence they need to proceed with transactions.
http://p.sf.net/sfu/oracle-sfdevnl 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: