GEN:SID | 1:1449 |
Message | POLICY FTP anonymous ftp login attempt |
Summary | This event is generated when an attempt is made to log on anonymously to an ftp server.
|
Impact | Information gathering, further exploit/abuse possible.
|
Detailed Information | Anonymous logins are usually the first step in the process of gathering data about a machine running the ftp server. The ftp server might be abused for hosting illegal content or an exploit could be performed, gaining elevated privileges.
|
Affected Systems | Machines running anonymous ftp servers.
|
Attack Scenarios | The attacker can run an automated script over a range of IP addresses to detect ftp servers that allow anonymous access and create a list of such servers, to be used later.
|
Ease of Attack | Simple.
|
Corrective Action | Disable anonymous access on your ftp server.
|
Additional References | |