Rule History

alert tcp $EXTERNAL_NET any -> $HOME_NET 22:1024 (msg:"ET POLICY FTP Conversation on Low Port - Likely Hostile (PASV) - Inbound"; flow:established,to_server; dsize:4; content:"PASV"; classtype:unusual-client-port-connection; sid:2008590; rev:3; metadata:attack_target FTP_Server, created_at 2010_07_30, deployment SSLDecrypt, confidence High, signature_severity Informational, updated_at 2023_05_03; target:dest_ip;)