Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:508 |
| Message | MISC gopher proxy |
| Summary | This event is generated when a Gopher server is used as a proxy to connect to an FTP server. |
| Impact | This allows a user to assume the source IP of the Gopher server when connecting to an FTP server. |
| Detailed Information | A Gopher server may support proxy connections to FTP servers. This allows a user to assume the source IP of the Gopher server when connecting to an FTP server. This may be used to bypass FTP access restrictions based on source IP's. |
| Affected Systems | Any Gopher server that supports proxy connections to FTP servers. |
| Attack Scenarios | A user who is normally restricted access to an FTP server based on the originating IP may attempt to circumvent this by attempting access from a Gopher server that supports proxy connections to FTP servers. |
| Ease of Attack | Simple. |
| Corrective Action | Disable the use of Gopher server. |
| Additional References | Whitehats www.whitehats.com/info/IDS409 |
| Rule References | arachnids: 409 |
--
DID:713378
--
http://www.aanval.com/