Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:489 |
| Message | INFO FTP no password |
| Summary | This event is generated when an attempt is made to log into an ftp server with an empty password. |
| Impact | Possible unauthorized access, invalid login attempt. |
| Detailed Information | An attempt was made to log into an ftp server with an empty password. This is an unusual behavior as every ftp login usually has a password, even anonymous ones. An empty password might mean the system was already compromised and a username exists with no password. |
| Affected Systems | Machines running ftp servers. |
| Attack Scenarios | An attacker gains access to the system via a vulnerability, creates a login without a password and then tries to ftp to the system with that login. |
| Ease of Attack | Simple, no exploit software required. |
| Corrective Action | Check all the usernames on the system for empty passwords. |
| Additional References | Arachnids: http://www.whitehats.com/info/IDS322 |
| Rule References | arachnids: 322 |
--
DID:845976
--
http://www.aanval.com/