📄 1444.txt
Rule:

--
Sid:
1444

--
Summary
This event is generated when a TFTP GET request is made. This is an indication that someone is attempting to download a file on the server.

--
Impact
A TFTP GET request allows a remote attacker to download files on the TFTP server. If the TFTP server allows anonymous TFTP GET requests, it is possible to download any of the published files on the server.

--
Detailed Information
This rule will generate an event on inbound TFTP GET requests. A TFTP GET request is generated when an attempt to download a file from the server is initiated.

--
Attack Scenarios
Attackers may use TFTP to upload and download files from servers that are properly or improperly configured. Normally attackers attempt to locate TFTP servers using automated scanners and tools. Once a TFTP server is located, an attempt to write files and get files from the TFTP server is made. Depending on the results of those tests, attackers may attempt to further exploit that system by overwriting system files or downloading password files to access the system.

Cisco ONS platforms allow unauthenticated access to files via TFTP. This event may be generated when an attempt is made to access files on a Cisco device using TFTP.

--
Ease of Attack
Simple: Numerous tools and automated scripts exist for scanning large subnets for improperly configured TFTP servers.

--
False Positives
Legitimate TFTP GET requests for polling routers or other network devices may trigger this rule.

--
False Negatives
None known

--
Corrective Action
The TFTP server should be configured to only allow GET requests from trusted locations.

--
Contributors
Original rule writer unknown
Sourcefire Research Team
Matthew Watchinski <Matt.Watchinski@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0183
Arachnids: http://www.whitehats.com/info/IDS148
Bugtraq: http://www.securityfocus.com/bid/9699

--
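The following is an added example, not part of the original rule documentation and not the rule's own logic: it parses an inbound UDP payload as a TFTP read request (RFC 1350 opcode 1, the GET described above) and separates GETs from trusted pollers, the false-positive case, from GETs that deserve an alert. The trusted network, the sample datagrams and all function names are constructed assumptions.

```python
import ipaddress
import struct

TFTP_PORT = 69   # standard TFTP server port
TFTP_RRQ = 1     # RFC 1350 opcode for a read request (GET)

# Assumption: management network whose pollers may legitimately issue GETs.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]


def parse_rrq(payload: bytes):
    """Return (filename, mode) for a well-formed TFTP RRQ, else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode != TFTP_RRQ:
        return None
    # Layout after the opcode: filename NUL mode NUL [option NUL value NUL ...]
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        return None  # missing terminator, empty filename or empty mode
    return (fields[0].decode("ascii", "replace"),
            fields[1].decode("ascii", "replace").lower())


def classify(src_ip: str, dst_port: int, payload: bytes) -> str:
    """Classify one inbound datagram as 'ignore', 'trusted-get' or 'alert'."""
    if dst_port != TFTP_PORT or parse_rrq(payload) is None:
        return "ignore"
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in TRUSTED_NETS):
        return "trusted-get"  # expected polling traffic
    return "alert"            # GET from outside the trusted locations


# Constructed sample datagrams: (source IP, destination port, UDP payload).
SAMPLES = [
    ("192.0.2.5", 69, b"\x00\x01router-config\x00octet\x00"),    # trusted poller
    ("203.0.113.9", 69, b"\x00\x01startup.cfg\x00netascii\x00"),  # untrusted GET
    ("203.0.113.9", 69, b"\x00\x02upload.bin\x00octet\x00"),      # WRQ, not a GET
    ("203.0.113.9", 69, b"\x00\x01"),                             # truncated RRQ
]


def run_samples():
    return [classify(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(sample[0], verdict)
```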