GEN:SID | 1:359 |
Message | FTP satan scan |
Summary | This event is generated when an attempt is made to login anonymously into an ftp server using a suspicious password (-satan)
|
Impact | Possible unauthorized access. Information gathering.
|
Detailed Information | Satan is an open-source security scanner,a predecessor to Saint, which checks for common vulnerabilities. When it detects an open ftp server, it tries to log in anonymously using the password '-satan'
|
Affected Systems | Machines running anonymous ftp servers.
|
Attack Scenarios | An attacker scans a range of IPs using the Satan Scanner, checking for known vulnerabilities. If the scanner encounters a ftp server, it tries to log in .
|
Ease of Attack | Simple.
|
Corrective Action | Disable anonymous FTP access.
|
Additional References | Arachnids: http://www.whitehats.com/info/IDS329
|
Rule References | arachnids: 329
|