Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:547 |
Message | POLICY FTP 'MKD ' possible warez site |
Summary | This event is generated when an attempt is made to create a directory name that begins with a space on an FTP server. |
Impact | Unauthorized file storage. An attacker may attempt to create a directory name that begins with a space on an FTP server, possibly in preparation to store unauthorized files. |
Detailed Information | An attacker may attempt to create a hidden directory name that begins with a space on an FTP server . This hidden directory is hard to discover, permitting attackers to store unauthorized "warez" files, such as unlicensed or pirated software. |
Affected Systems | FTP servers |
Attack Scenarios | An attacker may attempt to create a hidden directory name that begins with a space to store unauthorized files. |
Ease of Attack | Simple |
Corrective Action | Assign restrictive permissions to all directories so unauthorized users cannot navigate or write to them. Regularly monitor directories for sudden or drastic increased use of space. |
Additional References |
--
DID:747103
--
http://www.aanval.com/