Cisco Cisco FirePOWER Appliance 8120
25-24
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding FTP and Telnet Traffic
Command Validity
Use this option to enter a valid format for a specific command. See
for information on creating FTP command parameter
validation statements to validate the syntax of a parameter received as part of an FTP
communication. Click
communication. Click
Add
to add a command validation line.
You can enable rules 125:2 and 125:4 to generate events for this option. See
for more information.
Ignore FTP Transfers
Use this option to improve performance on FTP data transfers by disabling all inspection other than
state inspection on the data transfer channel.
state inspection on the data transfer channel.
Detect Telnet Escape Codes within FTP Commands
Use this option to detect when telnet commands are used over the FTP command channel.
You can enable rule 125:1 to generate events for this option. See
for
more information.
Ignore Erase Commands during Normalization
When
Detect Telnet Escape Codes within FTP Commands
is selected, use this option to ignore telnet
character and line erase commands when normalizing FTP traffic. The setting should match how the
FTP server handles telnet erase commands. Note that newer FTP servers typically ignore telnet erase
commands, while older servers typically process them.
FTP server handles telnet erase commands. Note that newer FTP servers typically ignore telnet erase
commands, while older servers typically process them.
Creating FTP Command Parameter Validation Statements
License:
Protection
When setting up a validation statement for an FTP command, you can specify a group of alternative
parameters by separating the parameters with spaces. You can also create a binary OR relationship
between two parameters by separating them with a pipe character (
parameters by separating the parameters with spaces. You can also create a binary OR relationship
between two parameters by separating them with a pipe character (
|
) in the validation statement.
Surrounding parameters by square brackets (
[]
) indicates that those parameters are optional.
Surrounding parameters with curly brackets (
{}
) indicates that those parameters are required.
You can create FTP command parameter validation statements to validate the syntax of a parameter
received as part of an FTP communication. See
received as part of an FTP communication. See
for more information.
Any of the parameters listed in the following table can be used in FTP command parameter validation
statements.
statements.
Table 25-5
FTP Command Parameters
If you use...
The following validation occurs...
int
The represented parameter must be an integer.
number
The represented parameter must be an integer between 1 and 255.
char _chars
The represented parameter must be a single character and a member of the
characters specified in the
characters specified in the
_chars
argument.
For example, defining the command validity for
MODE
with the validation
statement
char
SBC
checks that the parameter for the
MODE
command comprises
the character
S
(representing Stream mode), the character
B
(representing Block
mode), or the character
C
(representing Compressed mode).