FTP/Telnet is an improvement to the Telnet decoder and provides stateful inspection capability for both FTP and Telnet data streams. FTP/Telnet decodes the stream, identifies FTP commands and responses and Telnet escape sequences, and normalizes the fields. FTP/Telnet works on both client requests and server responses.
FTP/Telnet has the capability to handle stateless processing, meaning it only looks for information on a packet-by-packet basis.
The default is to run FTP/Telnet in stateful inspection mode, meaning it looks for information and handles reassembled data correctly.
FTP/Telnet has a very "rich" user configuration, similar to that of HTTP Inspect (see 2.2.6). Users can configure individual FTP servers and clients with a variety of options, which should allow the user to emulate any type of FTP server or FTP client. Within FTP/Telnet, there are four areas of configuration: Global, Telnet, FTP Client, and FTP Server.
Note:
Some configuration options have an argument of yes or no. This argument specifies whether the user wants the configuration option to generate an ftptelnet alert or not. The presence of the option indicates the option itself is on, while the yes/no argument applies to the alerting functionality associated with that option.
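A minimal snort.conf fragment touching all four configuration areas, added here as an illustration and not taken from the original page. The option names are those of the Snort 2.x ftp_telnet preprocessor; the ports, thresholds and lengths are constructed sample values.

```conf
# Global: stateful is the default inspection type; "stateless" would
# inspect packet by packet instead of working on reassembled data.
# encrypted_traffic is present, so detection of encrypted command
# channels is on; the "no" argument only suppresses the alert.
preprocessor ftp_telnet: global \
    inspection_type stateful \
    encrypted_traffic no

# Telnet: normalize escape sequences and flag protocol anomalies.
# (sample port and threshold values)
preprocessor ftp_telnet_protocol: telnet \
    ports { 23 } \
    normalize \
    ayt_attack_thresh 20 \
    detect_anomalies

# FTP Server, default profile.
# telnet_cmds yes: detect Telnet escape sequences on the FTP command
# channel and alert on them.
preprocessor ftp_telnet_protocol: ftp server default \
    ports { 21 } \
    def_max_param_len 100 \
    telnet_cmds yes

# FTP Client, default profile.
# bounce yes: detect FTP bounce attempts and alert.
# telnet_cmds no: the check still runs because the option is present,
# but no alert is generated.
preprocessor ftp_telnet_protocol: ftp client default \
    max_resp_len 256 \
    bounce yes \
    telnet_cmds no
```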