Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1445 |
Message | POLICY FTP file_id.diz access possible warez site |
Summary | This event is generated when an attempt is made to retrieve a file called 'file_id.diz' |
Impact | Such files are sometimes used on 'warez' sites to describe the contents of a directory |
Detailed Information | A lot of warez sites use small files called 'file_id.diz' to describe the name of the release and the group which released the software/material. |
Affected Systems | Machines running ftp servers. |
Attack Scenarios | After finding a ftp server containing illegal contents, the user downloads the file 'file_id.diz' to verify the contents of a directory, and then, if if the attacker chooses, other files in that directory. |
Ease of Attack | Simple. |
Corrective Action | Verify the location and contents of the 'file_id.diz' files on your ftp server and take appropriate action. |
Additional References |
--
DID:259086
--
http://www.aanval.com/