It is currently 20-10-2017 06:28

About 800 thousand FTP servers in your Network does not have password protection

About 800 thousand FTP servers in your Network does not have password protection

by sigismund » 2016-09-20 12:39:21


the Offender easily and with minimal cost can scan the Network and compile a list of potential victims.


Access 796,578 FTP servers that use IPv4 addresses can be obtained without any credentials. These are the results of a study conducted by an expert under the pseudonym Minxomat. In his blog, the expert described how with a simple script he was able to scan all addresses in the IPv4 space and without a password to connect to an unsecured FTP servers using port 21.

As explained Minxomat in conversation with the journalist of the resource Softpedia, his experiment demonstrated how easily, at minimal cost, an attacker can scan the Network and compile a list of potential victims. The study Minxomat used a KVM instance with a kernel with a clock frequency of 2 GHz, 2 GB of RAM and 10 GB of disk space.

The researcher published a full list of IP addresses of vulnerable servers on the developer portal GitHub. According to him, the scale of the problem is not so great as it might seem at first glance.

Qoute:"FTP servers that allow anonymous write access, quite rare. This exceptional case," - said the researcher.
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5