FTP_rhost

 

Code: p56

Severity: Warning

 

Description: This event is generated when an attempt is made to copy a ".rhosts" file to an FTP server.

Impact: An attacker might gain the ability to remotely connect to a server via r-commands without using a password.

Corrective: Locate the uploaded ".rhosts" file and check it for signs of suspicious entries. Check the server logs for other suspicious events that might have occurred within the same FTP session. Disallow uploading of files via FTP and have users transfer files over Secure Shell (SSH) instead. Disallow the use of r-commands for file transfer and login procedures.
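
One way to carry out the first corrective step, as an added example that is not part of the original signature documentation: the script walks a directory tree for ".rhosts" files and flags entries that grant broad trust. The function names, the sample file contents and the choice to skip "#" comment lines are assumptions made for this illustration.

```python
import os

def audit_rhosts(text):
    """Return (line_no, entry, reason) for entries that grant broad trust."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are skipped here
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host == "+" and user == "+":
            findings.append((no, line, "any user from any host is trusted"))
        elif host == "+":
            findings.append((no, line, "any host is trusted"))
        elif user == "+":
            findings.append((no, line, "any user on %s is trusted" % host))
        elif host.startswith("+@") or (user or "").startswith("+@"):
            findings.append((no, line, "netgroup trust, verify membership"))
    return findings

def find_rhosts(root):
    """Yield paths of .rhosts files under root (e.g. the FTP upload area)."""
    for dirpath, _dirs, files in os.walk(root):
        if ".rhosts" in files:
            yield os.path.join(dirpath, ".rhosts")

# Constructed sample, not taken from a real system.
SAMPLE = """# trusted build host
build01.example.com alice
+ +
198.51.100.7 +
+ bob
"""

if __name__ == "__main__":
    import sys
    # Usage: python audit_rhosts.py /path/to/ftp/root
    for path in find_rhosts(sys.argv[1] if len(sys.argv) > 1 else "."):
        with open(path, errors="replace") as fh:
            for no, entry, reason in audit_rhosts(fh.read()):
                print("%s:%d: %r: %s" % (path, no, entry, reason))
```

An entry that names a single host and user, like line 2 of the sample, is not flagged but still deserves review if the file arrived through the FTP session that triggered this event.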