12.07.2015 Views

Symantec™ Security Gateways Reference Guide - Sawmill



IDS events
Suspicious activity

Finger Malformed Data

Base Event: FINGER_EXCESS_DATA
Details: Extra data was sent after a valid finger request. This represents a possible birds of a feather (BOF) attack or that a shell has been spawned.
Response: If seen in sufficient volume or variation, location and audit of client and server is recommended. Examination of the packet contents may provide some additional information about the particular command.
Affected: No specific targets.
False Positives: None known.
References: Finger Specifications

FTP Auth Failure

Base Event: FTPSER_NOT_LOGGED_IN
Details: An FTP operation occurred with the user not logged in. This event is used to catch everything from FTP logon failures to sending FTP commands to the server before a valid logon has been established.
Response: If seen in sufficient volume or variation, and other suspicious factors exist, audit of client and server is recommended. Examination of the packet contents may provide some additional information about the particular command.
Affected: No specific targets.
False Positives: None known.
References: FTP Specifications

FTP High-Bit ASCII

Base Event: FTP_INVALID_UTF8_HIGH_ASCII
Details: Traffic that violates the FTP RFC was detected. This is likely the result of an FTP client or server that does not conform to the FTP standard sending high-bit ASCII characters (possibly non-English filenames) without encoding them with UTF-8.

FTP Malformed Data

Base Event: FTP_BAD_PORT_CMD_ARG
Details: An invalid argument to the FTP PORT command was detected. This could indicate an attempt to compromise the server.
Response: If seen in sufficient volume or variation, and other suspicious factors exist, audit of client and server is recommended. Examination of the packet contents may provide some additional information about the particular command.
Affected: No specific targets.
False Positives: It is also possible the client or server is using an unofficial extension or a non-compliant implementation of FTP.
References: FTP Specifications
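When triaging the two FTP protocol-violation events above, it helps to re-check the captured control-channel line yourself. The following is an added example, not Symantec's detection logic: it assumes the PORT argument syntax of RFC 959 (six comma-separated decimal fields, each 0 to 255) and treats any byte above 0x7F that does not decode as UTF-8 as the high-bit condition. The function names and the sample lines are hypothetical.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal fields).
PORT_ARG = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def port_arg_valid(arg: bytes) -> bool:
    """True only if the argument is six decimal fields, each in 0..255."""
    m = PORT_ARG.fullmatch(arg)
    return bool(m) and all(int(field) <= 255 for field in m.groups())

def high_bit_not_utf8(line: bytes) -> bool:
    """True if the line carries high-bit bytes that are not valid UTF-8."""
    if all(b < 0x80 for b in line):
        return False          # plain 7-bit ASCII, nothing to flag
    try:
        line.decode("utf-8")
        return False          # high-bit bytes form valid UTF-8 sequences
    except UnicodeDecodeError:
        return True

def classify(line: bytes) -> list[str]:
    """Return the base event names from this page that the line would match."""
    events = []
    line = line.rstrip(b"\r\n")
    if high_bit_not_utf8(line):
        events.append("FTP_INVALID_UTF8_HIGH_ASCII")
    verb, _, arg = line.partition(b" ")
    if verb.upper() == b"PORT" and not port_arg_valid(arg.strip()):
        events.append("FTP_BAD_PORT_CMD_ARG")
    return events

# Constructed sample control-channel lines (not taken from real traffic).
SAMPLES = [
    b"PORT 192,168,1,10,19,137\r\n",        # well-formed
    b"PORT 192,168,1,10,19\r\n",            # only five fields
    b"PORT 192,168,1,300,19,137\r\n",       # field out of range
    b"RETR r\xe9sum\xe9.txt\r\n",           # Latin-1 filename, not UTF-8
    "RETR résumé.txt\r\n".encode("utf-8"),  # same filename, UTF-8 encoded
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify(sample))
```

The Latin-1 filename case corresponds to the non-conforming client or server that the FTP High-Bit ASCII entry describes.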
