[Snort-sigs] Signature Definition #553, 11 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 06:13:23 EDT 2003

 Rule: -- FTP anonymous login attempt
 Sid: -- 553 
 Summary: -- This string detects an anonymous login to your network.
 Impact: -- This is normal FTP Client or Server activity, however, if
unauthroized or misconfigured servers are present on your network this will
help you identify them.
 Detailed Information: -- FTP Servers, used for uploading and downloading of
files can be configured to allow anyone (anonymous) to login to the server
and download any files.  This is a normal function of the FTP Server and
should not be allowed on a secure network.  FTP Servers should have
username/password authentication.
 Affected Systems: -- Any that have the software installed
 Attack Scenarios: -- Slim to Dangerous
 Ease of Attack: -- Easy if installed
 False Positives: -- Internet Explorer, when used to login to an FTP Server,
it first attempts to login as "blank", then as "IEUser at ...1577...", Unknown if other
FTP Programs trigger the same thing
 False Negatives: -- Unknown
 Corrective Action: -- Find and disable unauthorized FTP Servers, secure
authorized FTP Servers by removing anonymous logins and require
username/password authentication
 Contributors: -- Joel Esler
 Additional References: 

More information about the Snort-sigs mailing list