Snort mailing list archives
Can't get Identify open data channels to YES
From: Reinoud Koornstra <sockstat () hotmail com>
Date: Wed, 11 Sep 2013 21:19:12 +0000
Hi Everyone, I am trying to get the ftp data to be checked completely. When running snort it tells me: FTP CONFIG: FTP Server: default Ports (PAF): 21 2100 3535 Check for Telnet Cmds: YES alert: YES Ignore Telnet Cmd Operations: YES alert: YES Identify open data channels: NO How can i get Identify open data channels to YES? Here the part of my snort.conf that matters: preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no check_encrypted preprocessor ftp_telnet_protocol: telnet \ ayt_attack_thresh 20 \ normalize ports { 23 } \ detect_anomalies preprocessor ftp_telnet_protocol: ftp server default \ def_max_param_len 100 \ ports { 21 2100 3535 } \ telnet_cmds yes \ ignore_telnet_erase_cmds yes \ ignore_data_chan no \ What am I doing wrong? Thanks, Reinoud.
------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. Consolidate legacy IT systems to a single system of record for IT 2. Standardize and globalize service processes across IT 3. Implement zero-touch automation to replace manual, redundant tasks http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Can't get Identify open data channels to YES Reinoud Koornstra (Sep 11)
- Re: Can't get Identify open data channels to YES Joel Esler (Sep 12)