[Snort-sigs] Signature Definition #358, 2 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 05:10:09 EDT 2003

 Rule: -- FTP saint scan 
 Sid: -- 358
 Summary: -- This signature detects a Saint Scan scanning to any box on the
network to port 21.  The Saint Scanner uses the string "saint" as a password
to login to an FTP Server
 Impact: -- If you have unknown anonymous login boxes on your network, this
will help you remedy that.
 Detailed Information: -- Saint Scanner is a vulnerability detection tool
that attempts logins (per policy use) to network boxes on port 21.  For a
password the Saint Scanner will use the string "pass -saint".
 Affected Systems: -- FTP Servers known or unknown with anonymous login
 Attack Scenarios: -- 
 Ease of Attack: -- Easy
 False Positives: -- If a user uses the password string "saint" upon FTP
login it can trigger this signature
 False Negatives: -- 
 Corrective Action: -- Disable anonymous login on FTP Servers and require
users to authenticate with a secure password.  Block offending IP's at the
 Contributors: -- Joel Esler
 Additional References: arachnids,330

More information about the Snort-sigs mailing list