Anonymous | Login | 2024-12-21 23:43 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0022591 | ClearOS | app-intrusion-detection - Intrusion Detection | public | 2018-12-19 08:22 | 2019-02-22 22:03 | ||||
Reporter | NickH | ||||||||
Assigned To | dloper | ||||||||
Priority | normal | Severity | minor | Reproducibility | always | ||||
Status | closed | Resolution | suspended | ||||||
Platform | OS | OS Version | |||||||
Product Version | 7.6.0 Updates | ||||||||
Target Version | 7.6.0 | Fixed in Version | |||||||
Summary | 0022591: Snort and the IDS rules do not cover port 2121 or 989/990 | ||||||||
Description | In /etc/short.conf the variable FTP_PORTS only covers ports 21, 2100 and 3535 - however it does not seem to be used anywhere. Similarly, further down snort.conf, in the "FTP / Telnet normalization and anomaly detection" only the same ports are covered. Both need to be extended to cover 2121 (flexshares) and, if the rules can detect in FTPS streams, 898 (or 990). At the same time, the ClearCenter ftp rules /etc/snort.d/rules/clearcenter/ftp.rules and any other ClearCenter supplied rules covering FTP such as attack_response.rules,current_events.rules, exploit.rules, info.rules, policy.rules, scan.rules and trojan.rules need to be adjusted to use $FTP_PORTS instead of simply port 21. | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Notes | |
(0008901) dloper (administrator) 2019-02-22 22:03 |
Migrated to: https://gitlab.com/clearos/clearfoundation/app-intrusion-detection/issues/1 [^] |