Preface: FTP PORT bounce to other systemLogo -Internet Security Systems

FTP PORT bounce to other system
advICE :Intrusions : 2001302
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?
Summary

Somebody is attempting to hijack the FTP service to scan other machines.

Details

When a file is requested from an FTP server, the client specifies both the IP address and port number of the recipient of that file. In theory, this is supposed to be the address/port that the client has prepared to receive the file. In some cases, it can be any system on the Internet. In particular, while it may appear to be a file from the perspective of the FTP server, the receiver may believe that these are commands of some other protocol. For example, a spammer can upload a file to the FTP server containing e-mail messages, then cause the FTP server to download them to an SMTP server that then forwards them out to the recipients.

Defense

All FTP servers can be upgraded or reconfigured to stop this activity.

 more information
CERT: CA-97.27.FTP_bounce  
 
BugtraqID: 126   Multiple Vendor FTP Bounce Attack Vulnerability
 
BugtraqID: 240   Solaris rlogind FTP bounce Vulnerability
 
The FTP Bounce Attack  
by *Hobbit* the original paper on the subject  
advICE: FTP defense  
How to harden an FTP server against Internet attacks.  
advICE: FTP exploits  
A list of common ways that intruders break into FTP servers.  
CVE-1999-0017   FTP bounce
 

 parametric information
IPA data connection is being requested to this IP address.
resultIndicates the reply to the FTP command. See FTP reply codes 

 
Version appeared:
Privacy Policy |  Copyright Info