Require Text-Based URL for FTP Access

cslebl posted on 21 Mar 2012 7:07 AM
All: Would like to know if there is a way to require that access via FTP be via a text-based URL instead of an IP-based URL. For example, many malware exploits have a built-in FTP client that will transfer its reconnaissance data via an IP instead of a domain name or full FTP URL string. So, instead of allowing ftp://10.1.2.3 outbound, would like to stop it in its tracks as it breaks the desired formatting. If the GW sees something like ftp://support.dell.com, then I allow this through. Or if there is a way to require reverse DNS, as many of these exploits with an FTP client do not resolve to any DNS records like an A record or CNAME. Internally, we do have various FTP servers that we only use an IP statement in the session, but I can set those to static bypass or an exception in the scanning bypass. Need to know if this is possible and if so, how to accomplish.

All Replies

Suggested by Glitch

Not that I'm aware of... unfortunately you're asking devices at the network layer (3) in the OSI model to read higher up the chain. If you try to tell Websense not to allow IP-based FTP he'll block all access to it. Only thing I can think of is doing a whitelist of FTP sites.

Also, I wouldn't worry too much about this... while what you say has been true in the past, the latest and greatest malware is making use of DNS in order to provide better resiliency in the event their CoC servers are taken down. Heck, more of them are using SSL / SSH to evade IDS/IPS. Websense Real Time Security Updates should be able to flag any known malicious hosts, and even better if you have WCG, which will be scanning the content for malware.
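
Added example, not part of the thread and not a Websense feature: an offline check over gateway or proxy logs that separates FTP URLs whose host is an IP literal from host-name URLs, with an exception list for internal FTP servers. The log layout (timestamp, client, URL), the exception network and the function names are assumptions, and the sample lines are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed exception list for internal FTP servers addressed by IP (constructed).
INTERNAL_EXCEPTIONS = [ipaddress.ip_network("192.168.50.0/24")]

def host_as_ip(host):
    """Return an ip_address if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)      # dotted IPv4 or IPv6
    except ValueError:
        pass
    try:
        value = int(host, 0)                   # single-number form: decimal or 0x hex
    except ValueError:
        return None                            # an ordinary host name
    return ipaddress.ip_address(value) if 0 <= value < 2**32 else None

def classify(url):
    """Return 'ignore', 'hostname', 'internal-exception' or 'ip-literal'."""
    parts = urlsplit(url)
    if parts.scheme != "ftp" or not parts.hostname:
        return "ignore"
    ip = host_as_ip(parts.hostname)            # userinfo and port are already stripped
    if ip is None:
        return "hostname"                      # e.g. ftp://support.dell.com
    if any(ip in net for net in INTERNAL_EXCEPTIONS):
        return "internal-exception"
    return "ip-literal"

def flagged(log_text):
    """Return (client, url) pairs for FTP requests to non-excepted IP literals."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 3 and classify(fields[2]) == "ip-literal":
            hits.append((fields[1], fields[2]))
    return hits

# Constructed sample log: timestamp, client address, requested URL.
SAMPLE_LOG = """\
2012-03-21T07:01:10 192.168.5.20 ftp://support.dell.com/drivers/a.zip
2012-03-21T07:02:44 192.168.5.31 ftp://10.1.2.3/upload/
2012-03-21T07:03:02 192.168.5.31 ftp://user:pw@203.0.113.9:2121/out.dat
2012-03-21T07:03:40 192.168.5.44 ftp://3405803785/r.bin
2012-03-21T07:03:55 192.168.5.60 ftp://192.168.50.10/backup/
2012-03-21T07:04:00 192.168.5.20 http://198.51.100.7/index.html
"""

if __name__ == "__main__":
    for client, url in flagged(SAMPLE_LOG):
        print(client, url)
```

Host-name URLs are only labelled `hostname` here, not cleared: as the reply notes, malware that resolves its servers through DNS passes this check.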
