So I have some internal application that is apparently issuing a PORT command with out authenticating first, causing this sig to fire. I'm trying to decide whether I care (does this have security implications or is this just another stupid app).
What is the purpose of the signature? Is there a particular vulnerability it attempts to detect? Is there some FTP server that allows the PORT command without authentication first?
Yes, there are actually a couple vulnerable servers that allow that to happen.
It is exactly the port command issued to start the session. If the signature fires from a constant source or to a constant destinatio, I'd investigate at least so you know what it is and make your decision.
HP-UX had an issue with it's FTP daemon. That was what this was written for. Basically, the daemon allowed connections and directory listing retreival as user root ... unauthenticated. I seem to remmeber another, but can;t find it.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...