GEN:SID | 1:553 |
Message | POLICY FTP anonymous login attempt |
Summary | The event is generated when an attempt is made to log on to an FTP server with the username of "anonymous".
|
Impact | Information gathering or remote access. This activity may be a precursor to navigating through the accessible directories on the anonymous FTP server to do reconnaissance of the server. Alternately, this may be a precursor of attempting an exploit, such as a buffer overflow, that may permit remote access to the vulnerable FTP server.
|
Detailed Information | FTP servers may permit anonymous user access to share authorized public files. FTP servers must have tighly restricted permissions to prevent anonymous users from navigating or writing to unauthorized directories. If permissions are incorrectly assigned, an attacker may attempt to store unauthorized "warez" files of pirated software. Alternately, anonymous access to a vulnerable FTP server may permit an attacker to exploit a buffer overflow, permitting execution of arbitrary commands on the host.
|
Affected Systems | FTP servers allowing anonymous user access
|
Attack Scenarios | An attacker may employ anonymous user access to do reconnaissance, store unauthorized files, or attempt an exploit on a vulnerable FTP server.
|
Ease of Attack | Simple
|
Corrective Action | Disable anonymous access on the FTP server if it is not required.
|
Additional References | |