Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Preventing FTP Download of .exe files using Deep Inspection (DI)

0

0

Article ID: KB7808 KB Last Updated: 25 Aug 2010Version: 3.0
Summary:
Using Deep Inspection (DI), prevent users from downloading any .exe files using the FTP GET command.
Symptoms:
Trying to use the FTP GET attack context when defining a custom Deep Inspection signature.  However, no matter what is tried, DI does not prevent .exe files from being downloaded.
Solution:

To configure a custom signature to prevent FTP GET of .exe file, use the attack context "256 Byte Stream".  This will examine only the first 256 bytes of a stream, and match the attack signature that's only in the first 256 bytes of a packet.  Use the following definition:

set attack "CS:ftpexe" stream256 ".*\.exe.*" severity medium
set attack group "CS:Path" add "CS:FTP-Path"

The attack signature ".*\.exe.*" will basically match anything up to .exe and match anything after it.


Note:
The FTP Command context only applies to the following:

  • USER
  • PASS
  • ACCT
  • CWD
  • CDUP
  • SMNT
  • REIN
  • QUIT

 

 

Reference Section 4.1.1 of RFC 959

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search