Hello everyone, I recently jumped into the snort bandwagon, and was left with several issues to resolve. One of them is that snort reports the ff:

"Binary data being sent to communitcation FTP port."

When it should read:

"Binary data being sent to communication FTP port."

I don't know how the "t" got in there, and I need help on how to fix the typo.

Thanks very much!

Ogoy

I can't match that string to any of the Snort .*.rules file contents? What are you running exactly?

Hi unSpawn,

Here's my version:

,,_ -*> Snort! <*-
o" )~ Version 2.4.3 (Build 26) i386
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2005 Sourcefire Inc., et al.
NOTE: Snort's default output has changed in version 2.4.1!
The default logging mode is now PCAP, use "-K ascii" to activate
the old default logging mode.

Could you please search for that string in the Snort .*.rules files?

[mine@linux root]# grep -i ftp /etc/snort/*.rules*
[mine@linux root]# grep -i comm /etc/snort/*.rules*

[mine@root root]# ls -lotr /etc/snort/
total 224
-rw-r--r-- 1 root 53841 Oct 20 2003 unicode.map
-rw-rw-r-- 1 root 1567 Dec 3 09:04 vrt.rules.good
-rw-rw-r-- 1 root 83865 Dec 3 09:04 snort.conf.good
-rw-rw-r-- 1 root 1567 Dec 13 13:14 vrt.rules
-rw-rw-r-- 1 root 83882 Dec 13 13:14 snort.conf

nothing there. btw im running:

Linux version 2.4.21-zoobah.34smp (zoobah@mine.com) (gcc version 3.2.3 20030502 (Red Hat Linux 3.2.3-34)) #1 SMP Tue Jul 22 22:01:23 MDT 2008

OK, please tell us where you actually encounter the "Binary data being sent to communitcation FTP port." message in? Is it some form of reporting or front-end?