ftp AnalyzerThe ftp analyzer processes traffic associated with
the FTP file transfer service RFC-959. Bro instantiates an
ftp analyzer for any connection with service port 21/tcp,
providing you have loaded the ftp analyzer, or defined a handler
for ftp_request or ftp_reply.
The analyzer uses a capture filter of “port ftp” (See: Filtering).
It generates summaries of FTP sessions;
looks for sensitive usernames, access to sensitive files, and possible
FTP “bounce” attacks, in which the host specified in a “PORT” or
“PASV” directive does not correspond to the host sending
the directive; or in which a different host than the server (client) connects
to the endpoint specified in a PORT (PASV) directive.