Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
Using Application Layer Preprocessors
Decoding FTP and Telnet Traffic
Chapter 23
• Specify any Ports that should be monitored for FTP traffic. Port 21 is the well-known port for FTP traffic.
IMPORTANT! Add the same list of ports indicated here to the TCP client reassembly port list. For more information on configuring TCP reassembly ports, see
• Update the FTP commands used to transfer files from server to client in the File Get Commands field.
• Update the FTP commands used to transfer files from client to server in the File Put Commands field.
IMPORTANT! Do not change the values in the File Get Commands and File Put Commands fields unless directed to do so by Sourcefire Support.
• To detect additional FTP commands outside of those checked by default by the FTP/Telnet preprocessor, type the commands, separated by spaces, in the Additional FTP Commands field. You can add as many additional FTP commands as needed.
IMPORTANT! Additional commands you may want to add include XPWD, XCWD, XCUP, XMKD, and XRMD. For more information on these commands, see RFC 775, the Directory oriented FTP commands specification by the Network Working Group.
• Specify the default maximum number of bytes for a command parameter in the Default Max Parameter Length field.
• To detect a different maximum parameter length for particular commands, click Add next to Alternate Max Parameter Length. In the first text box of the row that appears, specify the maximum parameter length. In the second text box, specify the commands, separated by spaces, where this alternate maximum parameter length should apply. You can add as many alternative maximum parameter lengths as needed.
• To check for string format attacks on particular commands, specify the commands, separated by spaces, in the Check Commands for String Format Attacks text box.
• To specify the valid format for a command, click Add next to Command Validity. Specify the command you want to validate, then type a validation statement for the command parameter. For more information on the validation statement syntax, see
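
How the Additional FTP Commands, Default and Alternate Max Parameter Length, and string format settings above combine for a single control-channel line can be pictured with the sketch below. It is an added example, not Sourcefire's implementation; the limits, the base command list, the format-specifier heuristic and the sample lines are constructed assumptions.

```python
import re

# Constructed settings mirroring the fields described above; the values are
# illustrative assumptions, not the appliance's defaults.
DEFAULT_MAX_PARAM_LEN = 100                       # Default Max Parameter Length
ALT_MAX_PARAM_LEN = {"CWD": 200, "XCWD": 200}     # Alternate Max Parameter Length
KNOWN_COMMANDS = {"USER", "PASS", "CWD", "RETR", "STOR", "QUIT"}  # assumed base set
ADDITIONAL_COMMANDS = {"XPWD", "XCWD", "XCUP", "XMKD", "XRMD"}    # RFC 775 commands
CHECK_FORMAT = {"USER", "PASS", "CWD", "XCWD"}    # Check Commands for String Format Attacks

# Assumed heuristic: any printf-style conversion specifier in the parameter.
FORMAT_SPEC = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?[diouxXeEfgGcspn]")


def inspect_command(line: bytes) -> list[str]:
    """Return the findings for one FTP control-channel line."""
    text = line.rstrip(b"\r\n").decode("latin-1")
    command, _, param = text.partition(" ")
    command = command.upper()
    findings = []
    if command not in KNOWN_COMMANDS | ADDITIONAL_COMMANDS:
        findings.append("unknown-command")
    # A per-command alternate limit overrides the default limit.
    limit = ALT_MAX_PARAM_LEN.get(command, DEFAULT_MAX_PARAM_LEN)
    if len(param.encode("latin-1")) > limit:
        findings.append(f"param-too-long>{limit}")
    if command in CHECK_FORMAT and FORMAT_SPEC.search(param):
        findings.append("format-string")
    return findings


# Constructed sample traffic (not captured from a real session).
SAMPLE = [
    b"USER anonymous\r\n",
    b"XCWD " + b"A" * 150 + b"\r\n",   # long, but within the alternate limit
    b"RETR " + b"A" * 150 + b"\r\n",   # exceeds the default limit
    b"USER %x%x%x%n\r\n",              # conversion specifiers in a checked command
    b"SITE EXEC ls\r\n",               # command in neither list
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(raw[:20], inspect_command(raw))
```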