Re: FTP bounce attack possible

Brian Hunter · ‎01-23-2002

I received this message in syslog yesterday:

Jan 22 15:18:59 hostname ftpd[2965]: Exiting - FTP bounce attack possible! Ctrl originating from ftp data port.

System is N4000 running 11.0 with PHNE_23949 ftpd patch. This patch should not be vulnerable to bounce attack, no? Does anyone have ideas on what might have caused this message?

All's well that ends.

Christopher Caldwell · ‎01-23-2002

The FTP bounce vulnerability was fixed along time ago - 1997 according to CERT:
http://www.cert.org/advisories/CA-1997-27.html

In wu-ftpd (the patched default on HP-UX 11.x), you can disable the protections the daemon provides against bounce attacks:

-p The default action of ftpd does not allow usage of
reserved ports as the originating port on the
client's system i.e., the PORT command cannot
specify a reserved port. This option allows the
client to specify a reserved port. Note, allowing
usage of reserved ports can result in the misuse
of ftpd. The security ramifications should be
understood before the option is turned on.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: FTP bounce attack possible

FTP bounce attack possible

Re: FTP bounce attack possible