Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

FTP Improper Address Specified

I have been receiving quite a few alarm triggers for the signature FTP Improper Address Specified ID: 3153. All of the alarms have triggered when the attackers port is greater that 1024 and less than 65355. The victims port is always port 21. Has anyone on the list seen false positives for this alarm and if so can the false positives be attributed to a single application?

I have seen the thread answer posted by MATTHEW CERHA of Cisco Systems Inc for a simular occurance.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.ee9a475/0#selected_message

Was this ever confirmed by anyone?

  • Other Security Subjects
1 REPLY
Silver

Re: FTP Improper Address Specified

Matthew mentioned the WSFTP client application as being the possible offender. You could also check if any of your known users are trying to FTP in. If yes, you could narrow down your search to those applications.

197
Views
0
Helpful
1
Replies