[Oisf-users] Suricata ftp protocol decode.
Seth Hall
seth at icir.org
Thu Apr 26 15:02:15 UTC 2012
On Apr 26, 2012, at 10:36 AM, Nikolay Denev wrote:
> alert ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"FTP User"; flow:established,to_server; content:"USER"; nocase; classtype:policy-violation; sid:9000015; rev:1;)
I'm taking a wild stab with this one, but have you tried making this "alert tcp"?
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/