Which option and value pair will allow more specific detection?

View the following exhibit, which contains the sniffer output for a passive mode FTP request.

An administrator has created the following custom IPS signature to block all FTP requests for passive mode:

F-SBID (--attack_id 1002; --name "Block.FTP "; --protocol tcp; --flow from_client; --pattern "PASV"; --no_case;)

Soon after the signature is enabled in an active IPS sensor, some false positive detections are generated.

Which option and value pair will allow more specific detection?
A. --protocol ftp
B. --service ftp
C. --name "Block.FTP.PASV"
D. --attack_id 1001

Answer: B
