Cisco Cisco Firepower Management Center 4000

Page of 1844
 
25-24
FireSIGHT System User Guide
 
Chapter 25      Using Application Layer Preprocessors 
  Decoding FTP and Telnet Traffic
Command Validity
Use this option to enter a valid format for a specific command. See 
 for information on creating FTP command parameter 
validation statements to validate the syntax of a parameter received as part of an FTP 
communication. Click 
Add
 to add a command validation line. 
You can enable rules 125:2 and 125:4 to generate events for this option. See 
 for more information.
Ignore FTP Transfers
Use this option to improve performance on FTP data transfers by disabling all inspection other than 
state inspection on the data transfer channel.
Detect Telnet Escape Codes within FTP Commands
Use this option to detect when telnet commands are used over the FTP command channel.
You can enable rule 125:1 to generate events for this option. See 
 for 
more information.
Ignore Erase Commands during Normalization 
When 
Detect Telnet Escape Codes within FTP Commands
 is selected, use this option to ignore telnet 
character and line erase commands when normalizing FTP traffic. The setting should match how the 
FTP server handles telnet erase commands. Note that newer FTP servers typically ignore telnet erase 
commands, while older servers typically process them.
Creating FTP Command Parameter Validation Statements
License: 
Protection
When setting up a validation statement for an FTP command, you can specify a group of alternative 
parameters by separating the parameters with spaces. You can also create a binary OR relationship 
between two parameters by separating them with a pipe character (
|
) in the validation statement. 
Surrounding parameters by square brackets (
[]
) indicates that those parameters are optional. 
Surrounding parameters with curly brackets (
{}
) indicates that those parameters are required.
You can create FTP command parameter validation statements to validate the syntax of a parameter 
received as part of an FTP communication. See 
for more information.
Any of the parameters listed in the following table can be used in FTP command parameter validation 
statements.
Table 25-5
FTP Command Parameters 
If you use...
The following validation occurs...
int
The represented parameter must be an integer.
number
The represented parameter must be an integer between 1 and 255.
char _chars 
The represented parameter must be a single character and a member of the 
characters specified in the 
_chars 
argument.
For example, defining the command validity for 
MODE
 with the validation 
statement 
char
 
SBC 
checks that the parameter for the 
MODE
 command comprises 
the character 
S
 (representing Stream mode), the character 
(representing Block 
mode), or the character 
(representing Compressed mode).