ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0022591ClearOSapp-intrusion-detection - Intrusion Detectionpublic2018-12-19 08:222018-12-19 08:22
ReporterNickH 
Assigned To 
PrioritynormalSeverityminorReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version7.6.0 Updates 
Target Version7.6.0Fixed in Version 
Summary0022591: Snort and the IDS rules do not cover port 2121 or 989/990
DescriptionIn /etc/short.conf the variable FTP_PORTS only covers ports 21, 2100 and 3535 - however it does not seem to be used anywhere.

Similarly, further down snort.conf, in the "FTP / Telnet normalization and anomaly detection" only the same ports are covered.

Both need to be extended to cover 2121 (flexshares) and, if the rules can detect in FTPS streams, 898 (or 990).

At the same time, the ClearCenter ftp rules /etc/snort.d/rules/clearcenter/ftp.rules and any other ClearCenter supplied rules covering FTP such as attack_response.rules,current_events.rules, exploit.rules, info.rules, policy.rules, scan.rules and trojan.rules need to be adjusted to use $FTP_PORTS instead of simply port 21.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2018-12-19 08:22 NickH New Issue