FTP Bounce Attack

According to the FTP protocol, the 'PORT' command allows the originating client machine to specify an arbitrary destination machine and TCP port for the data connection.
In a normal FTP session, the FTP client provides the FTP server with its own IP address and a chosen port, but it is not obliged to do so, and that is the core problem.
This means that a person can instruct the FTP server to open a connection to a port of a machine that might not be the originating client, offering some possibilities
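
The following is an added example, not code from the original page: a server-side check that closes the gap described above by accepting a PORT argument only when it names the control connection's own peer address and a non-privileged port. The function names, the 1024 port floor and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# PORT argument format (RFC 959): h1,h2,h3,h4,p1,p2 as six decimal bytes
_PORT_ARG = re.compile(r"([0-9]{1,3}),([0-9]{1,3}),([0-9]{1,3}),"
                       r"([0-9]{1,3}),([0-9]{1,3}),([0-9]{1,3})")


def parse_port_argument(arg):
    """Decode a PORT argument into (IPv4Address, tcp_port); ValueError if malformed."""
    m = _PORT_ARG.fullmatch(arg.strip())
    if not m:
        raise ValueError("malformed PORT argument")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PORT field out of range")
    host = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return host, port


def check_port_command(arg, control_peer_ip, min_port=1024):
    """Return (allowed, reason) for a PORT argument received on a control connection.

    control_peer_ip is the address the server itself observed for the control
    connection's TCP peer; it is never taken from anything the client sent.
    """
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, str(exc)
    if host != ipaddress.IPv4Address(control_peer_ip):
        return False, f"data address {host} differs from control peer {control_peer_ip}"
    if port < min_port:
        return False, f"port {port} is below {min_port}"
    return True, f"{host}:{port}"


if __name__ == "__main__":
    # Constructed samples: (PORT argument, observed control-connection peer)
    samples = [
        ("192,0,2,10,195,80", "192.0.2.10"),  # client names itself, port 50000
        ("198,51,100,7,0,25", "192.0.2.10"),  # names a different machine
        ("192,0,2,10,0,22", "192.0.2.10"),    # own address, privileged port
        ("192,0,2,10,300,1", "192.0.2.10"),   # field larger than one byte
    ]
    for arg, peer in samples:
        print(arg, "->", check_port_command(arg, peer))
```

A server that rejects the command would typically answer with an error reply and log the mismatched address pair, which also gives defenders a detection signal.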


