| GEN:SID | 1:1445 |
| Message | POLICY FTP file_id.diz access possible warez site |
| Summary | This event is generated when an attempt is made to retrieve a file called 'file_id.diz'
|
| Impact | Such files are sometimes used on 'warez' sites to describe the contents of a directory
|
| Detailed Information | A lot of warez sites use small files called 'file_id.diz' to describe the name of the release and the group which released the software/material.
|
| Affected Systems | Machines running ftp servers.
|
| Attack Scenarios | After finding a ftp server containing illegal contents, the user downloads the file 'file_id.diz' to verify the contents of a directory, and then, if if the attacker chooses, other files in that directory.
|
| Ease of Attack | Simple.
|
| Corrective Action | Verify the location and contents of the 'file_id.diz' files on your ftp server and take appropriate action.
|
| Additional References | |