HIGH: Accessible AFP Report

DESCRIPTION LAST UPDATED: 2023-12-07

DEFAULT SEVERITY LEVEL: HIGH

This report identifies hosts that have the Apple Filing Protocol (AFP) running and accessible on the Internet.

See https://en.wikipedia.org/wiki/Apple_Filing_Protocol for more information.

You can track latest AFP scan results on our Dashboard.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filename: scan_afp

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the AFP response came on (always TCP)
  • port
    Port that the AFP response came from (548/TCP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    This will always be afp
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • machine_type
    Version of the hardware the AFP service is running on, if it is Apple hardware
  • afp_versions
    What versions of AFP the server can use
  • uams
    User Authentication Methods supported
  • flags
    AFP features supported
  • server_name
    Name of the AFP server
  • signature
    A 16-byte value that uniquely identifies a server used to prevent an AFP client from logging on to the same server twice
  • directory_service
    External directory service in use, if any
  • utf8_servername
    UTF-8 rendition of the server name; aka, trivial name
  • network_address
    What IP addresses the service is advertising (if any)
  • sector
    Sector the device belongs to

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","machine_type","afp_versions","uams","flags","server_name","signature","directory_service","utf8_servername","network_address","sector"
"2010-02-10 00:00:00",high,192.168.0.1,tcp,548,node01.example.com,afp,64512,ZZ,Region,City,0,ptr,Netatalk3.0.3,"AFP2.2,AFPX03,AFP3.1,AFP3.2,AFP3.3","DHX2,Cleartxt Passwrd,No User Authent","SupportsCopyFile,DontAllowSavePwd,SupportsServerMessages,SupportsServerSignature,SupportsTCP/IP,SupportsSrvrNotifications,SupportsOpenDirectory,SupportsUTF8Servername,SupportsUUIDs,SupportsSuperClient",MyBookLive,d7d27fdc7cb0c3eeb7919228f45ea96b,,MyBookLive,192.168.0.1,
"2010-02-10 00:00:01",high,192.168.0.2,tcp,548,node02.example.com,afp,64512,ZZ,Region,City,0,ptr,"Macmini5,3","AFP3.4,AFP3.3,AFP3.2,AFP3.1,AFPX03","DHCAST128,DHX2,Recon1,Client Krb v2,GSS","SupportsCopyFile,SupportsChgPwd,SupportsServerMessages,SupportsServerSignature,SupportsTCP/IP,SupportsSrvrNotifications,SupportsReconnect,SupportsOpenDirectory,SupportsUTF8Servername,SupportsUUIDs,SupportsSuperClient",Christopher,1ef29d635c3d5e219025acde2998cd22,afpserver/christopher.naterudd.com@CHRISTOPHER.NATERUDD.COM,Christopher,192.168.0.2,"Real Estate and Rental and Leasing"
"2010-02-10 00:00:02",high,192.168.0.3,tcp,548,node03.example.com,afp,64512,ZZ,Region,City,0,ptr,"TimeCapsule8,119","AFP3.3,AFP3.2,AFP3.1","DHCAST128,DHX2,SRP,Recon1","SupportsCopyFile,SupportsChgPwd,SupportsServerMessages,SupportsServerSignature,SupportsTCP/IP,SupportsSrvrNotifications,SupportsReconnect,SupportsOpenDirectory,SupportsUTF8Servername,SupportsUUIDs,SupportsSuperClient",andress-airport-time-capsule,4338365331304450463948360069672d,,"Andres's AirPort Time Capsule",192.168.0.3,"Communications, Service Provider, and Hosting Service"

Our 132 Report Types

« Back to Network Reporting