[Bro] FTP password
Josh Liburdi
liburdi.joshua at gmail.com
Thu Sep 17 05:02:57 PDT 2015
That user value is one of the default values that Bro will always log
the password for.
const guest_ids = { "anonymous", "ftp", "ftpuser", "guest" } &redef;
If you redef guest_ids to be empty, then it shouldn't log any passwords.
Josh
On Thu, Sep 17, 2015 at 2:39 AM, 김희철 <hckim at narusec.com> wrote:
> Hi
> I have setup bro 2.3
> did not change any setting but some of ftp.log has password printed out
>
> 1442471625.330839 CJtp9r1Ww7Nrjco5H4 x.x.x.x 511 y.y.y.y 561 ftpuser safepc
> RETR ftp://w.w.w.w/WINDOWS7/64/Setup.dat - 226 Transfer complete. - - - - -
>
> I checked ftp config but "default_capture_password = F"
>
> do I have to do something to not capture password ?
>
> Thank you
> --
> ------------------------------------------------------
> Hichul Kim 김희철 선임 연구원
>
> Naru Security (주)나루씨큐리티
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list