Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:354 |
Message | FTP iss scan |
Summary | This event is generated when an attempt is made to login anonymously into an ftp server using a suspicious password (-iss@iss) |
Impact | Possible unauthorized access. Information gathering. |
Detailed Information | ISS Scanner is a security scanner which checks for common vulnerabilities. When it detects an open ftp server, it tries to log in anonymously using the password '-iss@iss' |
Affected Systems | Machines running anonymous ftp servers. |
Attack Scenarios | An attacker scans a range of IPs using the ISS Scanner, checking for known vulnerabilities. If the scanner encounters a ftp server, it tries to log in . |
Ease of Attack | Simple. |
Corrective Action | Disable anonymous FTP access. |
Additional References | Arachnids: http://www.whitehats.com/info/IDS331 |
Rule References | arachnids: 331 |
--
DID:655597
--
http://www.aanval.com/