HIGH: Accessible AFP Report

DESCRIPTION LAST UPDATED: 2023-12-07

DEFAULT SEVERITY LEVEL: HIGH

This report identifies hosts that have the Apple Filing Protocol (AFP) running and accessible on the Internet.

See https://en.wikipedia.org/wiki/Apple_Filing_Protocol for more information.

You can track latest AFP scan results on our Dashboard.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filename: scan_afp

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the AFP response came on (always TCP)
  • port
    Port that the AFP response came from (548/TCP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    This will always be afp
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • machine_type
    Version of the hardware the AFP service is running on, if it is Apple hardware
  • afp_versions
    What versions of AFP the server can use
  • uams
    User Authentication Methods supported
  • flags
    AFP features supported
  • server_name
    Name of the AFP server
  • signature
    A 16-byte value that uniquely identifies a server used to prevent an AFP client from logging on to the same server twice
  • directory_service
    External directory service in use, if any
  • utf8_servername
    UTF-8 rendition of the server name; aka, trivial name
  • network_address
    What IP addresses the service is advertising (if any)
  • sector
    Sector the device belongs to

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","machine_type","afp_versions","uams","flags","server_name","signature","directory_service","utf8_servername","network_address","sector"
"2010-02-10 00:00:00",high,192.168.0.1,tcp,548,node01.example.com,afp,64512,ZZ,Region,City,0,ptr,Netatalk3.0.3,"AFP2.2,AFPX03,AFP3.1,AFP3.2,AFP3.3","DHX2,Cleartxt Passwrd,No User Authent","SupportsCopyFile,DontAllowSavePwd,SupportsServerMessages,SupportsServerSignature,SupportsTCP/IP,SupportsSrvrNotifications,SupportsOpenDirectory,SupportsUTF8Servername,SupportsUUIDs,SupportsSuperClient",MyBookLive,d7d27fdc7cb0c3eeb7919228f45ea96b,,MyBookLive,192.168.0.1,
"2010-02-10 00:00:01",high,192.168.0.2,tcp,548,node02.example.com,afp,64512,ZZ,Region,City,0,ptr,"Macmini5,3","AFP3.4,AFP3.3,AFP3.2,AFP3.1,AFPX03","DHCAST128,DHX2,Recon1,Client Krb v2,GSS","SupportsCopyFile,SupportsChgPwd,SupportsServerMessages,SupportsServerSignature,SupportsTCP/IP,SupportsSrvrNotifications,SupportsReconnect,SupportsOpenDirectory,SupportsUTF8Servername,SupportsUUIDs,SupportsSuperClient",Christopher,1ef29d635c3d5e219025acde2998cd22,afpserver/christopher.naterudd.com@CHRISTOPHER.NATERUDD.COM,Christopher,192.168.0.2,"Real Estate and Rental and Leasing"
"2010-02-10 00:00:02",high,192.168.0.3,tcp,548,node03.example.com,afp,64512,ZZ,Region,City,0,ptr,"TimeCapsule8,119","AFP3.3,AFP3.2,AFP3.1","DHCAST128,DHX2,SRP,Recon1","SupportsCopyFile,SupportsChgPwd,SupportsServerMessages,SupportsServerSignature,SupportsTCP/IP,SupportsSrvrNotifications,SupportsReconnect,SupportsOpenDirectory,SupportsUTF8Servername,SupportsUUIDs,SupportsSuperClient",andress-airport-time-capsule,4338365331304450463948360069672d,,"Andres's AirPort Time Capsule",192.168.0.3,"Communications, Service Provider, and Hosting Service"

Our 135 Report Types

« Back to Network Reporting

Shadowserver uses cookies to gather analytics. This allows us to measure how the site is used and improve the experience for our users. For more information about cookies and how Shadowserver uses them, see our privacy policy. We need your consent to use cookies in this way on your device.