path: root/doc/userguide/rules/ftp-keywords.rst
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-19 17:39:49 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-19 17:39:49 +0000
commit: a0aa2307322cd47bbf416810ac0292925e03be87 (patch)
tree: 37076262a026c4b48c8a0e84f44ff9187556ca35 /doc/userguide/rules/ftp-keywords.rst
parent: Initial commit. (diff)
Adding upstream version 1:7.0.3.upstream/1%7.0.3
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/userguide/rules/ftp-keywords.rst')
-rw-r--r-- doc/userguide/rules/ftp-keywords.rst | 31
1 files changed, 31 insertions, 0 deletions
diff --git a/doc/userguide/rules/ftp-keywords.rst b/doc/userguide/rules/ftp-keywords.rst
new file mode 100644
index 0000000..068b14e
--- /dev/null
+++ b/doc/userguide/rules/ftp-keywords.rst
@@ -0,0 +1,31 @@
+FTP/FTP-DATA Keywords
+=====================
+
+ftpdata_command
+---------------
+
+Filter ftp-data channel based on command used on the FTP command channel.
+Currently supported commands are RETR (get on a file) and STOR (put on a
+file).
+
+Syntax::
+
+ ftpdata_command:(retr|stor)
+
+Examples::
+
+ ftpdata_command:retr
+ ftpdata_command:stor
+
+Signature example::
+
+ alert ftp-data any any -> any any (msg:"FTP store password"; filestore; filename:"password"; ftpdata_command:stor; sid:3; rev:1;)
+
+ftpbounce
+---------
+
+Detect FTP bounce attacks.
+
+Syntax::
+
+ ftpbounce
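Review bot: The ftpbounce section at the end of this hunk consists only of "Detect FTP bounce attacks." and a bare `ftpbounce` syntax line, so a rule writer cannot tell what traffic the keyword matches or which rule protocol it is meant to be used under. Suggest adding one sentence that states the match condition and a "Signature example::" block, as the ftpdata_command section above already has. In the ftpdata_command section, the prose names the commands as RETR and STOR while the syntax line lists `(retr|stor)`; the text should say whether the keyword value is case-sensitive. The glosses "get on a file" and "put on a file" would also read more clearly as "download a file" and "upload a file".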