GEN:SID 1:1445
Message POLICY FTP file_id.diz access possible warez site
Summary This event is generated when an attempt is made to retrieve a file
called 'file_id.diz'
Impact Such files are sometimes used on 'warez' sites to describe the contents
of a directory
Detailed Information A lot of warez sites use small files called 'file_id.diz' to
describe the name of the release and the group which released the
software/material.
Affected Systems Machines running ftp servers.
Attack Scenarios After finding a ftp server containing illegal contents, the user
downloads the file 'file_id.diz' to verify the contents of a directory,
and then, if if the attacker chooses, other files in that directory.
Ease of Attack Simple.
Corrective Action Verify the location and contents of the 'file_id.diz' files on your ftp
server and take appropriate action.
Additional References