Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:545 |
| Message | POLICY FTP 'CWD / ' possible warez site |
| Summary | This event is generated when an attempt is made to navigate in an FTP sessions to a hidden directory named "/ ". |
| Impact | Unauthorized file storage. An attacker may attempt to navigate on an FTP server to the "/ " directory to list or store unauthorized files such as unlicensed software. |
| Detailed Information | An attacker may attempt to hide unauthorized files in a hidden directory named "/ ". This hidden directory is hard to discover, permitting attackers to store unauthorized "warez" files, such as unlicensed or pirated software. |
| Affected Systems | FTP servers |
| Attack Scenarios | An attacker may navigate to the hidden directory named "/ " to list or store unauthorized files. |
| Ease of Attack | Simple. |
| Corrective Action | Assign restrictive permissions to all directories so unauthorized users cannot navigate or write to them. Regularly monitor directories for sudden or drastic increased use of space. |
| Additional References |
--
DID:678500
--
http://www.aanval.com/