08-01-2006 07:21 AM - edited 03-10-2019 03:08 AM
So I have some internal application that is apparently issuing a PORT command with out authenticating first, causing this sig to fire. I'm trying to decide whether I care (does this have security implications or is this just another stupid app).
What is the purpose of the signature? Is there a particular vulnerability it attempts to detect? Is there some FTP server that allows the PORT command without authentication first?
08-01-2006 04:53 PM
Yes, there are actually a couple vulnerable servers that allow that to happen.
It is exactly the port command issued to start the session. If the signature fires from a constant source or to a constant destinatio, I'd investigate at least so you know what it is and make your decision.
08-02-2006 04:34 AM
Thanks. Can you give me details on which ftp software is affected? I know in this case, the ftp daemon is not affected.
08-02-2006 05:36 AM
HP-UX had an issue with it's FTP daemon. That was what this was written for. Basically, the daemon allowed connections and directory listing retreival as user root ... unauthenticated. I seem to remmeber another, but can;t find it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide