TFTP Backdoor Detection

Critical Nessus Plugin ID 18263


The remote host is compromised.


A TFTP server is running on this port. However, while trying to fetch a random file, we got an executable file.

Many worms are known to propagate through TFTP. This is probably a backdoor.


Disinfect / reinstall your system.

Plugin Details

Severity: Critical

ID: 18263

File Name: tftpd_backdoor.nasl

Version: $Revision: 1.18 $

Type: remote

Family: Backdoors

Published: 2005/05/16

Modified: 2013/01/25

Dependencies: 18262

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Services/udp/tftp