SecurityHive

To verify that the FTP Sensor is running and is configured correctly, the following test could be executed. All the tests are executed with NMAP NSE scripts to impersonate real attacks by bots and/or hackers.

To check if the FTP sensor is running on port 445 we could execute the following NMAP query:

If the sensor is correctly configured, we expect the following result: 

Nmap scan report for &lt;ip of honeypot&gt; Host is up (0.0014s latency). PORT STATE SERVICE VERSION 21/tcp open ftp ? MAC Address: 08:00:00:00:00:01 (Unknown)

We can trigger an attack using FileZilla Client. Connect to the honeypot as host. Username and Password are not required(Anonymous), but can be entered. Use the configured port to connect (21 by default).

Connect via the method active and transfer binary files (like images).

Test FTP sensor

Dashboard

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Open FTP Ports

Connecting over (s)FTP