Cisco Cisco FirePOWER Appliance 8390
25-18
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding FTP and Telnet Traffic
•
Select the
Detect Obsolete DNS RR Types
check box to enable detection of obsolete resource record
types.
•
Select the
Detect Experimental DNS RR Types
check box to detect experimental resource record types.
Step 6
Optionally, click
Configure Rules for DNS Configuration
at the top of the page to display rules associated with
individual options.
Click
Back
to return to the DNS Configuration page.
Step 7
Save your policy, continue editing, discard your changes, revert to the default configuration settings in
the base policy, or exit while leaving your changes in the system cache. See the
the base policy, or exit while leaving your changes in the system cache. See the
table for more information.
Decoding FTP and Telnet Traffic
License:
Protection
The FTP/Telnet decoder analyzes FTP and telnet data streams, normalizing FTP and telnet commands
before processing by the rules engine.
before processing by the rules engine.
Note the following when using the FTP/Telnet decoder:
•
The FTP/Telnet decoder requires TCP stream preprocessing. If TCP stream preprocessing is
disabled and you enable the preprocessor, you are prompted when you save the policy whether to
enable TCP stream preprocessing. See
disabled and you enable the preprocessor, you are prompted when you save the policy whether to
enable TCP stream preprocessing. See
and
for more information.
•
You must enable FTP and telnet preprocessor rules, which have generator IDs (GIDs) of 125 and
126, if you want these rules to generate events. A link on the configuration page takes you to a
filtered view of FTP and telnet preprocessor rules on the intrusion policy Rules page, where you can
enable and disable rules and configure other rule actions. See
126, if you want these rules to generate events. A link on the configuration page takes you to a
filtered view of FTP and telnet preprocessor rules on the intrusion policy Rules page, where you can
enable and disable rules and configure other rule actions. See
for
more information.
For more information, see the following topics:
•
•
•
•
•
•
•
•
Understanding Global FTP and Telnet Options
License:
Protection
You can set global options to determine whether the FTP/Telnet decoder performs stateful or stateless
inspection of packets, whether the decoder detects encrypted FTP or telnet sessions, and whether the
decoder continues to check a data stream after it encounters encrypted data.
inspection of packets, whether the decoder detects encrypted FTP or telnet sessions, and whether the
decoder continues to check a data stream after it encounters encrypted data.