Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1449 |
| Message | POLICY FTP anonymous ftp login attempt |
| Summary | This event is generated when an attempt is made to log on anonymously to an ftp server. |
| Impact | Information gathering, further exploit/abuse possible. |
| Detailed Information | Anonymous logins are usually the first step in the process of gathering data about a machine running the ftp server. The ftp server might be abused for hosting illegal content or an exploit could be performed, gaining elevated privileges. |
| Affected Systems | Machines running anonymous ftp servers. |
| Attack Scenarios | The attacker can run an automated script over a range of IP addresses to detect ftp servers that allow anonymous access and create a list of such servers, to be used later. |
| Ease of Attack | Simple. |
| Corrective Action | Disable anonymous access on your ftp server. |
| Additional References |
--
DID:460303
--
http://www.aanval.com/