ftp
AnalyzerThe ftp
analyzer processes traffic associated with
the FTP file transfer service RFC-959. Bro instantiates an
ftp
analyzer for any connection with service port 21/tcp
,
providing you have loaded the ftp
analyzer, or defined a handler
for ftp_request
or ftp_reply
.
The analyzer uses a capture filter of “port ftp
” (See: Filtering).
It generates summaries of FTP sessions;
looks for sensitive usernames, access to sensitive files, and possible
FTP “bounce” attacks, in which the host specified in a “PORT
” or
“PASV
” directive does not correspond to the host sending
the directive; or in which a different host than the server (client) connects
to the endpoint specified in a PORT
(PASV
) directive.