Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 904

Network and Security Manager Administration Guide
Table 122: Deep Inspection Alarm Log Entries (continued)
Attack Name
FTP:EXPLOIT:ILLEGAL-PORT
FTP:EXPLOIT:OPENFTPD-MSG-FS
FTP:EXPLOIT:SYNTAX-ERROR
FTP:EXPLOIT:TYPSOFT-DOS
FTP:EXPLOIT:WIN32-WFTPD-BOF
FTP:FILE:FTP-PUT-AUTOEXECBAT
FTP:MS-FTP:ASTERISK
FTP:MS-FTP:STAT-GLOB
FTP:OVERFLOW:BSD-FTPD-MKD-OF
854
Attack Description
This protocol anomaly is an FTP PORT command/response
to a PASV command ("227...") that specifies a
reserved port number. This may indicate an attempt to make
the firewall open reserved ports.
This signature detects attempts to exploit a format string
vulnerability in the OpenFTP daemon.
This protocol anomaly is a syntax error in an FTP
command/response, such as a malformed PORT command
or 227 response. This may indicate an exploit attempt.
This signature detects denial-of-service (DoS) attempts
against TypSoft FTP Server. TypSoft FTP Server 1.10 and
earlier versions are vulnerable. Attackers may send known
malicious FTP path strings to exhaust all system resources
and crash a TypSoft FTP Server.
This signature detects invalid LIST, NLST, and STAT
commands. WS-FTPD for Windows (trial versions 3.20 and
3.21, Pro and Standard) contains a vulnerability in the
command parser that may allow malicious users to crash
the service or execute arbitrary code.
This signature detects an attempt by an attacker to exploit
a directory traversal vulnerability in the SunFTP daemon.
Successful exploitation of this vulnerability may allow an
attacker to read and write to files outside of the daemon's
directory structure. This vulnerability is present in SunFTP
build 9.
This signature detects denial-of-service (DoS) attempts
against Microsoft FTP Service in Microsoft IIS 4.0 and 5.0.
Attackers who have previously established an FTP session
may send glob characters within a maliciously crafted NLST
request to crash the server.
This signature detects denial-of-service (DoS) attempts
against Microsoft FTP Service in Microsoft IIS 4.0 and 5.0.
Attackers who have previously established an FTP session
may send glob characters within a maliciously crafted status
request to crash the server.
This signature detects buffer overflow attempts against the
FTPD that ships with early versions of FreeBSD 4.x and
OpenBSD 2.8. FTPD 6.00LS and 6.5/OpenBSD versions are
vulnerable. Attackers may gain local host access and root
permissions.
Severity Versions
high sos5.0.0,
sos5.1.0
critical sos5.1.0
high sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
high sos5.1.0
medium sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
critical sos5.0.0,
sos5.1.0
Copyright © 2010, Juniper Networks, Inc.