Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FTP passive data transfer FP's and flowbits

From: Martin Holste <mcholste () gmail com>
Date: Tue, 11 Jan 2011 15:01:03 -0600
I've never personally seen it, but the FTP preprocessor rules may be able to alert you to zero-day exploits against 
an FTP server, mainly  due to the command length and string settings.



Yep, exactly.  Theoretically they should be helpful--I've just never
been a witness to when they were.



Looks like Mr. Panda and I are on the same page as far as wanting rule
keywords vs. preproc config.

------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: