ClearOS Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0022591ClearOSapp-intrusion-detection - Intrusion Detectionpublic2018-12-19 08:222019-02-22 22:03
Assigned Todloper 
PlatformOSOS Version
Product Version7.6.0 Updates 
Target Version7.6.0Fixed in Version 
Summary0022591: Snort and the IDS rules do not cover port 2121 or 989/990
DescriptionIn /etc/short.conf the variable FTP_PORTS only covers ports 21, 2100 and 3535 - however it does not seem to be used anywhere.

Similarly, further down snort.conf, in the "FTP / Telnet normalization and anomaly detection" only the same ports are covered.

Both need to be extended to cover 2121 (flexshares) and, if the rules can detect in FTPS streams, 898 (or 990).

At the same time, the ClearCenter ftp rules /etc/snort.d/rules/clearcenter/ftp.rules and any other ClearCenter supplied rules covering FTP such as attack_response.rules,current_events.rules, exploit.rules, info.rules, policy.rules, scan.rules and trojan.rules need to be adjusted to use $FTP_PORTS instead of simply port 21.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
dloper (administrator)
2019-02-22 22:03

Migrated to: [^]

- Issue History
Date Modified Username Field Change
2018-12-19 08:22 NickH New Issue
2019-02-22 22:03 dloper Note Added: 0008901
2019-02-22 22:03 dloper Status new => closed
2019-02-22 22:03 dloper Assigned To => dloper
2019-02-22 22:03 dloper Resolution open => suspended