I want to create a custom signature to detect FTP traffic on ports other than port 21. Would I want to use Atomic.tcp or String.tcp? Can I use an asterisk for all ports? And what RegexString value would I use? Thanks for any help.
First, I would be very careful about adding a signature that tries to examine all TCP ports. This will most likely cause a large impact to the performance of the sensor. Here is a SigWizMenu screenshot of a possible signature:
This looks for a 220 condition code from an FTP server. It should listen to all ports by default. Again, this signature will most likely cause a significant performance hit to the sensor and should be used with caution.
You're right, but the performance hit wasn't too bad. Packetd went from ~10% to ~20% CPU usage. I have another question: this custom sig is massively alarming on all other TCP connection requests, i.e. web, mail, and everything. Are there more condition codes I can add to this sig so that it only fires on FTP service? Thanks for any help.
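An added example, not part of the thread and not Cisco signature syntax: a Python sketch of why matching a bare 220 alarms on web and mail traffic, and how anchoring the match to an FTP-style greeting narrows it. It assumes the broad signature matched the string 220 anywhere in a payload; the function names and sample payloads are constructed for illustration.

```python
import re

FTP_PORT = 21
# Assumed shape of the broad signature: "220" anywhere in a TCP payload.
LOOSE = re.compile(rb"220")
# Tighter: the payload starts with a reply line "220 " or "220-" whose text
# names FTP and ends in CRLF.
FTP_BANNER = re.compile(rb"\A220[ -][^\r\n]*ftp[^\r\n]*\r\n", re.IGNORECASE)
# SMTP servers also greet with 220; their banners normally say SMTP or ESMTP.
SMTP_BANNER = re.compile(rb"\A220[ -][^\r\n]*smtp", re.IGNORECASE)


def loose_hit(server_port, payload):
    """Broad match: any payload containing 220 from a port other than 21."""
    return server_port != FTP_PORT and LOOSE.search(payload) is not None


def offport_ftp_hit(server_port, payload):
    """True only for an FTP-style greeting sent from a port other than 21."""
    if server_port == FTP_PORT or SMTP_BANNER.match(payload):
        return False
    return FTP_BANNER.match(payload) is not None


# Constructed samples: (server port, first server-to-client payload).
SAMPLES = [
    (2121, b"220 (vsFTPd 3.0.3)\r\n"),
    (8021, b"220-Welcome to Example FTP service\r\n220 Ready\r\n"),
    (21, b"220 ProFTPD Server ready\r\n"),
    (25, b"220 mail.example.com ESMTP Postfix\r\n"),
    (80, b"HTTP/1.1 200 OK\r\nContent-Length: 2203\r\n\r\n"),
]


def scan(samples=SAMPLES):
    """Return (port, loose result, tight result) for each sample."""
    return [(p, loose_hit(p, d), offport_ftp_hit(p, d)) for p, d in samples]


if __name__ == "__main__":
    for port, loose, tight in scan():
        print(f"port {port:>5}  loose={loose!s:<5}  tight={tight}")
```

The tighter check is a heuristic: an FTP server whose greeting never mentions FTP is missed, which is the price of not alarming on SMTP greetings and on web payloads that merely contain the digits 220.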