Successful Shell Attack Detected - Windows 'fscan' Tool

High Nessus Network Monitor Plugin ID 6200

Synopsis

The results of an 'fscan' session were observed in a TCP session normally used for a standard service.

Description

The results of an 'fscan' session were observed in a TCP session normally used for a standard service. This may indicate a successful compromise of this service has occurred.

Solution

The command activity observed is indicative of a possible compromise. Consider performing a full audit of the system to investigate further.

See Also

https://www.foundstone.com/resources/proddesc/scanline.htm

Plugin Details

Severity: High

ID: 6200

File Name: 6200.prm

Family: Generic

Published: 2012/01/06

Modified: 2015/06/01

Dependencies: 1442, 1000, 1967, 1803, 2004, 2005, 1086, 1144, 1146, 1148, 1149, 1150, 1151, 1120, 1133, 1134, 1135

Risk Information

Risk Factor: High