Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding FTP and Telnet Traffic
You can specify a single IP address or address block, or a comma-separated list comprised of either
or both. You can configure up to 1024 characters, and you can specify up to 255 profiles including
the default profile. For information on using IPv4 and IPv6 address blocks in the FireSIGHT
System, see
Note that the default setting in the default policy specifies all IP addresses on your monitored
network segment that are not covered by another target-based policy. Therefore, you cannot and do
not need to specify an IP address or address block for the default policy, and you cannot leave this
setting blank in another policy or use address notation to represent any (for example, 0.0.0.0/0 or
::/0).
Ports
Use this option to specify the ports on the FTP server where the managed device should monitor
traffic. In the interface, list multiple ports separated by commas.
Note
Any port you add to the server-level FTP Ports list should also be added in each TCP policy
to the appropriate list of TCP reassembly ports, depending on whether you are monitoring
client or server traffic, or both. Note, however, that reassembling additional traffic types
(client, server, both) increases resource demands. For more information on configuring TCP
reassembly ports, see .
File Get Commands
Use this option to define the FTP commands used to transfer files from server to client. Do not
change these values unless directed to do so by Support.
File Put Commands
Use this option to define the FTP commands used to transfer files from client to server. Do not
change these values unless directed to do so by Support.
Additional FTP Commands
Use this line to specify the additional commands that the decoder should detect. Separate additional
commands by spaces.
Default Max Parameter Length
Use this option to set the maximum parameter length to detect for commands where an alternate
maximum parameter length has not been set.
You can enable rule 125:3 to generate events for this option. See for more information.
Alternate Max Parameter Length
Use this option to specify commands where you want to detect a different maximum parameter
length, and to specify the maximum parameter length for those commands. Click Add to add lines
where you can specify a different maximum parameter length to detect for particular commands.
Check Commands for String Format Attacks
Use this option to check the specified commands for string format attacks.
You can enable rule 125:5 to generate events for this option. See for more information.
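The parameter-length and string-format options above can be modelled as follows. This is an added Python example, not code from the guide or the product. The limits, command lists and sample lines are constructed, and the two-'%' test is a simplified stand-in for the product's string-format check.

```python
# Added illustration: simplified model of the per-command checks configured above.
# All limits and command lists are constructed sample values, not product defaults.

DEFAULT_MAX_PARAM_LEN = 100                   # assumed "Default Max Parameter Length"
ALT_MAX_PARAM_LEN = {"USER": 16, "CWD": 200}  # assumed "Alternate Max Parameter Length" rows
FORMAT_CHECK_CMDS = {"USER", "PASS", "CWD"}   # assumed "Check Commands for String Format Attacks"


def split_command(line):
    """Split one FTP control-channel line into (COMMAND, parameter)."""
    text = line.rstrip("\r\n")
    cmd, _, param = text.partition(" ")
    return cmd.upper(), param


def check_line(line):
    """Return the rule IDs (GID:SID) that this command line would match."""
    cmd, param = split_command(line)
    hits = []
    # An alternate limit, when one is set for the command, replaces the default.
    limit = ALT_MAX_PARAM_LEN.get(cmd, DEFAULT_MAX_PARAM_LEN)
    if len(param) > limit:
        hits.append("125:3")
    # Stand-in heuristic (assumption): two or more '%' characters in the parameter.
    if cmd in FORMAT_CHECK_CMDS and param.count("%") >= 2:
        hits.append("125:5")
    return hits


# Constructed control-channel lines.
SAMPLE_LINES = [
    "USER anonymous\r\n",
    "USER " + "A" * 40 + "\r\n",
    "CWD " + "d" * 150 + "\r\n",
    "RETR " + "f" * 150 + "\r\n",
    "CWD %x%x%x%x\r\n",
    "RETR 100%_done_50%.txt\r\n",
]


def scan(lines):
    """Map each line that matched at least one rule to its rule IDs."""
    return {line.strip(): check_line(line) for line in lines if check_line(line)}


if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LINES).items():
        print(f"{', '.join(hits):12} {line[:40]}")
```

The 150-character CWD parameter passes because its alternate limit is 200, while the same length on RETR exceeds the default limit. The RETR file name containing two '%' characters is not flagged because RETR is not in the string-format check list.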