0022591: Snort and the IDS rules do not cover port 2121 or 989/990

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0022591

ClearOS

app-intrusion-detection - Intrusion Detection

public

2018-12-19 08:22

2019-02-22 22:03

Reporter

NickH

Assigned To

dloper

Priority

normal

Severity

minor

Reproducibility

always

Status

closed

Resolution

suspended

Platform

OS Version

Product Version

7.6.0 Updates

Target Version

7.6.0

Fixed in Version

Summary

0022591: Snort and the IDS rules do not cover port 2121 or 989/990

Description

In /etc/short.conf the variable FTP_PORTS only covers ports 21, 2100 and 3535 - however it does not seem to be used anywhere.

Similarly, further down snort.conf, in the "FTP / Telnet normalization and anomaly detection" only the same ports are covered.

Both need to be extended to cover 2121 (flexshares) and, if the rules can detect in FTPS streams, 898 (or 990).

At the same time, the ClearCenter ftp rules /etc/snort.d/rules/clearcenter/ftp.rules and any other ClearCenter supplied rules covering FTP such as attack_response.rules,current_events.rules, exploit.rules, info.rules, policy.rules, scan.rules and trojan.rules need to be adjusted to use $FTP_PORTS instead of simply port 21.

Tags

No tags attached.

Attached Files

Relationships

Notes
(0008901) dloper (administrator) 2019-02-22 22:03	Migrated to: https://gitlab.com/clearos/clearfoundation/app-intrusion-detection/issues/1 [^]

Issue History
Date Modified	Username	Field	Change
2018-12-19 08:22	NickH	New Issue
2019-02-22 22:03	dloper	Note Added: 0008901
2019-02-22 22:03	dloper	Status	new => closed
2019-02-22 22:03	dloper	Assigned To	=> dloper
2019-02-22 22:03	dloper	Resolution	open => suspended

Community Forums

ClearOS Portal

ClearVM Platform

ClearVM 2 Platform

ClearOS Bug Tracker

Sitemap

Foundation

Company

Partners

Purchase

Contact Us