
Mark D. Spivey

"Practical Hacking Techniques and Countermeasures"

These servers must be using
the default FTP port of 21 in order for the scanner to detect the server.
The biggest concern with FTP is that the data is sent unencrypted
(also known as clear text). An attacker who intercepts this clear text
can easily read all data within the communication.
Procedure: From the FTPScanner application, enter the target IP address
range.
Select Session, then Begin. The FTPScanner will execute against the target.
In this example the FTPScanner scanned five targets and identified two
targets running an FTP server that permits Anonymous FTP connections. The
located server IP addresses are saved to a text file in the directory of the
application.
Many times an FTP server is set up with this Anonymous access unintentionally.
An attacker will connect to an Anonymous FTP server to determine
whether sensitive data resides on the server, whether the FTP server itself has a weakness,
or whether the version of the FTP service has a known exploit.
This application is "buggy" but effective in that it tends to scan beyond
the desired range of targets.
*Note: This FTPScanner application has been known to crash older versions of the
Novell NetWare server, version 4.x. The fault lies in the server not having the
required updates applied. In every instance in which this has occurred on
the Novell server, the hard drive on the server had to be rebuilt from scratch.
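
As a countermeasure to unintended Anonymous access, an administrator can run the same check against servers they manage. The Python code below is an added example, not from the book: it tests only an explicit inventory of host and port pairs (the addresses shown are constructed placeholders), so it stays inside the intended range and also covers FTP services on ports other than 21.

```python
import ftplib

# Constructed inventory: (host, port) pairs for FTP servers you administer.
# 192.0.2.0/24 is a documentation range; replace these placeholder entries.
INVENTORY = [("192.0.2.10", 21), ("192.0.2.11", 2121)]

def check_anonymous(host, port=21, timeout=5.0):
    """Return a finding for one FTP service.

    status: 'anonymous-allowed', 'anonymous-denied', 'inconclusive'
    (connected, but login gave no clear answer) or 'unreachable'.
    """
    finding = {"host": host, "port": port, "banner": None, "status": "unreachable"}
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        finding["banner"] = ftp.getwelcome()  # keep for version review
        finding["status"] = "inconclusive"
        try:
            ftp.login()  # ftplib defaults to user 'anonymous'
            finding["status"] = "anonymous-allowed"
        except ftplib.error_perm:  # 5xx reply, e.g. 530 Not logged in
            finding["status"] = "anonymous-denied"
    except (OSError, EOFError, ftplib.Error):
        pass  # closed port, timeout, non-FTP service or a 4xx reply
    finally:
        try:
            ftp.quit()
        except Exception:
            ftp.close()
    return finding

def audit(inventory):
    """Check only the listed services, one connection each."""
    return [check_anonymous(host, port) for host, port in inventory]

def exposed(findings):
    """Findings that need follow-up: Anonymous login was accepted."""
    return [f for f in findings if f["status"] == "anonymous-allowed"]

if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"{f['host']}:{f['port']} {f['status']} banner={f['banner']!r}")
```

The recorded banner lets the administrator compare the FTP service version against vendor advisories.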

