FTP Attack - Successful SITE EXEC Command

high Nessus Network Monitor Plugin ID 6217

Synopsis

An FTP user issued a successful SITE EXEC command.

Description

An FTP user issued a successful SITE EXEC command. The SITE EXEC command is often attempted by remote hackers to run UNIX and Windows commands directly on the FTP server. This NNM rule detects a successful command execution, not an attempt.

Solution

Disable the FTP service or restrict access to it.

Plugin Details

Severity: High

ID: 6217

Family: Generic

Published: 1/6/2012

Updated: 1/16/2019

Detections

Analytics