GEN:SID | 1:1445 |
Message | POLICY FTP file_id.diz access possible warez site |
Summary | This event is generated when an attempt is made to retrieve a file called 'file_id.diz'
|
Impact | Such files are sometimes used on 'warez' sites to describe the contents of a directory
|
Detailed Information | A lot of warez sites use small files called 'file_id.diz' to describe the name of the release and the group which released the software/material.
|
Affected Systems | Machines running ftp servers.
|
Attack Scenarios | After finding a ftp server containing illegal contents, the user downloads the file 'file_id.diz' to verify the contents of a directory, and then, if if the attacker chooses, other files in that directory.
|
Ease of Attack | Simple.
|
Corrective Action | Verify the location and contents of the 'file_id.diz' files on your ftp server and take appropriate action.
|
Additional References | |