| GEN:SID | 1:358 |
| Message | FTP saint scan |
| Summary | This event is generated when an attempt is made to login anonymously into an ftp server using a suspicious password (-saint)
|
| Impact | Possible unauthorized access. Information gathering.
|
| Detailed Information | Saint is an open-source security scanner which checks for common vulnerabilities. When it detects an open ftp server, it tries to log in anonymously using the password '-saint'
|
| Affected Systems | Machines running anonymous ftp servers.
|
| Attack Scenarios | An attacker scans a range of IPs using the Saint Scanner, checking for known vulnerabilities. If the scanner encounters a ftp server, it tries to log in .
|
| Ease of Attack | Simple.
|
| Corrective Action | Disable anonymous FTP access.
|
| Additional References | Arachnids: http://www.whitehats.com/info/IDS330
|
| Rule References | arachnids: 330
|