8.23. FTP/FTP-DATA Keywords
8.23.1. ftpdata_command
Filter ftp-data channel based on command used on the FTP command channel. Currently supported commands are RETR (get on a file) and STOR (put on a file).
Syntax:
ftpdata_command:(retr|stor)
Examples:
ftpdata_command:retr
ftpdata_command:stor
Signature example:
alert ftp-data any any -> any any (msg:"FTP store password"; filestore; filename:"password"; ftpdata_command:stor; sid:3; rev:1;)
8.23.2. ftpbounce
Detect FTP bounce attacks.
Syntax:
ftpbounce