Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1449 |
Message | POLICY FTP anonymous ftp login attempt |
Summary | This event is generated when an attempt is made to log on anonymously to an ftp server. |
Impact | Information gathering, further exploit/abuse possible. |
Detailed Information | Anonymous logins are usually the first step in the process of gathering data about a machine running the ftp server. The ftp server might be abused for hosting illegal content or an exploit could be performed, gaining elevated privileges. |
Affected Systems | Machines running anonymous ftp servers. |
Attack Scenarios | The attacker can run an automated script over a range of IP addresses to detect ftp servers that allow anonymous access and create a list of such servers, to be used later. |
Ease of Attack | Simple. |
Corrective Action | Disable anonymous access on your ftp server. |
Additional References |
--
DID:460303
--
http://www.aanval.com/