[PLUG] FTP-response clarification
Ishak Micheil
isaacem at gmail.com
Wed May 6 15:04:26 UTC 2015
Team,
I am troubleshooting an FTP related problem, to simply inspect FTP data for
PCI content (Data Loss Prevention)
Issue description:
DLP systems are receiving "Non standard" FTP response, thus dropping the
connection /marking the packets with "unknown-protocol"
Additional info:
FTP client: WSFTP-pro
We are using Content filtering proxy servers to perform authentication and
authorization.
Cisco Ironports.
Packet capture reveals the following FTP response
"220 Notice: You must be FTP authorized user"
The above message is from our Proxies
However the support team of our DLP software claiming that it is NOT
standard response and the "standard" response should follow this format
"220-Filezilla Server"
More specifically the "-" missing, causing our issue for not detecting FTP
response correctly.
Anyone with FTP guidance?
More information about the PLUG
mailing list