GEN:SID 1:354
Message FTP iss scan
Summary This event is generated when an attempt is made to login anonymously
into an ftp server using a suspicious password (-iss@iss)
Impact Possible unauthorized access. Information gathering.
Detailed Information ISS Scanner is a security scanner which checks for common
vulnerabilities. When it detects an open ftp server, it tries to log in
anonymously using the password '-iss@iss'
Affected Systems Machines running anonymous ftp servers.
Attack Scenarios An attacker scans a range of IPs using the ISS Scanner, checking for
known vulnerabilities. If the scanner encounters a ftp server, it tries
to log in .
Ease of Attack Simple.
Corrective Action Disable anonymous FTP access.
Additional References Arachnids:
http://www.whitehats.com/info/IDS331
Rule References arachnids: 331