Nmap Development mailing list archives
Re: Sounds like ftp-anon needs work?
From: David Fifield <david () bamsoftware com>
Date: Thu, 27 May 2010 20:54:14 -0600
On Mon, May 24, 2010 at 12:14:58PM +0200, Gutek wrote:
Looks like we have a chronic false positive. I'm testing in-the-wild with -iR and the good news is that when it comes to 230 positive check i've not encountered any false positive so far. But the false-positive condition appears when the "Anonymous FTP login allowed (FTP code 200)" was found. Each time, it was a CheckPoint Firewall. It is a "secure FTP server", kind of proxy-ftp : -> user have first to connect and identify on it with USER <my-account-on-the-real-ftp-I-wana-contact@the-ftp-I-wanna-contact>, -> PASS <firewall's-password> <- 230- User <my-account-on-the-real-ftp-I-wana-contact> authenticated by FireWall-1 authentication <- 200- you can use 'quote hostname' or Account command ('ACCT') --NOTE : this line seems to be typical to CheckPoint Firewall -> quote <the-ftp-I-wanna-contact> OR -> ACCT <the-ftp-I-wanna-contact> <- 230- Logging in... <- 220- <Version> Server Ready -> USER, PASS...We're on the "final" server and so we can use the usual scheme.
If I understand you correctly, this isn't a false positive at all. Doesn't the 200 code mean that this is an open FTP proxy? In that case I would say the script is working as designed. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Sounds like ftp-anon needs work?, (continued)
- Re: Sounds like ftp-anon needs work? David Fifield (Jun 01)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 01)
- Re: Sounds like ftp-anon needs work? David Fifield (Jun 01)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 04)
- Re: Sounds like ftp-anon needs work? David Fifield (Jun 04)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 01)
- RE: Sounds like ftp-anon needs work? Rob Nicholls (May 23)
- Re: Sounds like ftp-anon needs work? Gutek (May 24)
- Re: Sounds like ftp-anon needs work? Gutek (May 24)
- Re: Sounds like ftp-anon needs work? Gutek (May 24)
- Re: Sounds like ftp-anon needs work? David Fifield (May 27)
- Re: Sounds like ftp-anon needs work? David Fifield (May 27)