FTP is a protocol born in 1971, well before the modern threat landscape. It transmits credentials and data in cleartext, making it a frequent target for credential sniffing, brute-force attacks, and man-in-the-middle exploits. The fact that an organization still runs an FTP server in the current decade suggests one of three things: legacy industrial equipment (e.g., medical imagers, manufacturing controllers) that cannot support SFTP/FTPS, a deliberate choice for anonymous public file drops, or simple technical debt. Patching such a server is not just routine maintenance—it is a risk-reduction imperative. The update could close vulnerabilities like CVE-1999-0002 (FTP bounce attack) or more recent logic flaws in specific FTP daemons.
alert tcp $HOME_NET 21 -> $EXTERNAL_NET any (msg:"ICC FTP 10161oo244 Unpatched"; content:"220 ICC FTP Server 10161oo244"; fast_pattern; sid:10161244; rev:1;)
If a server like ICC's was recently patched, it was likely to address one of these high-impact vulnerabilities: