Plugin ID | 209 |
Plugin name | FTP server detection |
Plugin filename | FTP server detection.plugin |
Plugin filesize | 3323 bytes |
Plugin family | FTP |
Plugin created name | Marc Ruef |
Plugin created email | marc dot ruef at computec dot ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2004/09/13 |
Plugin updated name | Marc Ruef |
Plugin updated email | marc dot ruef at computec dot ch |
Plugin updated web | http://www.computec.ch |
Plugin updated company | computec.ch |
Plugin updated date | 2004/11/13 |
Plugin version | 1.1 |
Plugin changelog | Corrected the plugin structure and added the accuracy values in 1.1 |
Plugin protocol | tcp |
Plugin port | 21 |
Plugin procedure detection | open|sleep|close|pattern_exists FTP server OR ftp. OR *ftp#.* |
Plugin detection accuracy | 97 |
Plugin comment | This plugin was written with the ATK Attack Editor. |
Bug affected | All ftp servers |
Bug not affected | Other servers and solutions |
Bug vulnerability class | Configuration |
Bug description | The target is running a ftp service. FTP (file transfer protocol) is a protocol for transferring files between systems. The ftp service is used by many applications for data communications. Some systems also allow users to connect to an ftp server to upload and download files. ftp servers are vulnerable to a wide range of attacks designed to retrieve files without authorization (including password files) and execute commands on other parts of the server. |
Bug solution | A service if not needed should be de-installed or disabled. If this is not possible, an access control list (ACL) with firewalling should be applied to this port. And if possible change the welcome banner to confuse an attacker and give him false information. Don't allow anonymous ftp access unless it is absolutely necessary. Configure your system to log all ftp accesses and transfers and periodically check these logs for patterns of misuse. Make sure the home directory of your ftp server is not writable and disallow connections from system IDs (including root, uucp, nobody, and bin). |
Bug fixing time | Approx. 2 hours |
Bug exploit availability | Yes |
Bug remote | Yes |
Bug local | Yes |
Bug severity | Low |
Bug popularity | 9 |
Bug simplicity | 8 |
Bug impact | 3 |
Bug risk | 6 |
Bug Symantec NetRecon rating | 14 |
Bug check tools | Nessus and Symantec NetRecon are able to do a similar or the same and further checks. |
Source CVE | CVE-1999-0614 |
Source Literature | Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427 |
Source Misc. | http://www.computec.ch |