AnsweredAssumed Answered

FTP use is detected as intrusion by IPS

Question asked by ajeje93 on May 4, 2018

Hello everyone,

 

I had a problem with FTP connection. Long story short, I tried to download a file using FTP from a server in my network and the IPS detected the request as intrusion, blocking the whole network.

 

Below the alert received:

 

The following intrusion was observed: FTP.Text.Line.Too.Long.

date=2018-05-04 time=09:57:56 devname=*** devid=*** logid=*** type=utm subtype=ips eventtype=signature level=alert vd="root" severity=medium srcip=***.***.***.*** srccountry="***" dstip=***.***.***.*** srcintf="***" dstintf="***" policyid=774 sessionid=*** action=dropped proto=6 service=FTP attack="FTP.Text.Line.Too.Long" srcport=65026 dstport=21 direction=outgoing attackid=109445128 profile="***" ref="http://www.fortinet.com/ids/VID109445128" incidentserialno=*** msg="ftp_decoder: FTP.Text.Line.Too.Long," crscore=10 crlevel=medium

 

Has anyone experienced similar issues using FTP?

Outcomes