FTP bounce attack
FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine, which serves as a proxy for the request, similar to an Open mail relay using SMTP.{{cite web
|url=https://tools.ietf.org/html/rfc2577
|title= RFC 2577
|author1=M. Allman |author2=S. Ostermann
|date= 1999
|doi=10.17487/RFC2577
}}
This technique can be used to port scan hosts discreetly, and to potentially bypass a network's access-control list to access specific ports that the attacker cannot access through a direct connection, for example with the nmap port scanner.[http://nmap.org/nsedoc/scripts/ftp-bounce.html "ftp-bounce"], Nmap Scripting Engine documentation
Nearly all modern FTP server programs are configured by default to refuse File eXchange Protocol, thwarting FTP bounce attacks.
See also
References
{{reflist}}
External links
- [https://www.cert.org/historical/advisories/ca-1997-27.cfm CERT Advisory on FTP Bounce Attack]
- [https://web.archive.org/web/20131105191347/http://www.cert.org/tech_tips/ftp_port_attacks.html CERT Article on FTP Bounce Attack]
- [http://insecure.org/nmap/hobbit.ftpbounce.txt Original posting describing the attack]
Category:File Transfer Protocol
Category:Computer network security
{{compu-network-stub}}