SID 1:63326

Report a false positive

Rule Category

PROTOCOL-FTP -- Snort alerted on suspicious use of the FTP protocol. FTP is generally unsafe, as it sends all data in plain text, including passwords. Stolen data may also aggregate via FTP, and malware-infected items are often made available via FTP sharing sites. Malicious FTP attempts are common, such as directory traversal, overflow attempts, FTP probing (for instance, from the SATAN tool), etc.

Alert Message

PROTOCOL-FTP Bad sequence of commands

Rule Explanation

This rule alerts when a FTP server indicates that a bad sequence of commands was received.

What To Look For

This rule alerts when a FTP server indicates that a bad sequence of commands was received.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

Rule Categories::Protocol::FTP

CVE

CVE-2022-41985

Additional Links

www.ietf.org/rfc/rfc0959.txt
www.talosintelligence.com/reports/TALOS-2022-1680/

Rule Vulnerability

N/A

Not Applicable

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2022-41985
 Loading description