+++ to secure your transactions use the Bitcoin Mixer Service +++

 

We need Your Support. Make a Donation now! or Buy Me A Coffee

Jump to content

FTP bounce attack

Edit links
From Wikipedia, the free encyclopedia

This is the current revision of this page, as edited by Citation bot (talk | contribs) at 18:32, 21 December 2023 (Add: date. | Use this bot. Report bugs. | Suggested by Abductive | Category:Computer network stubs | #UCB_Category 57/547). The present address (URL) is a permanent link to this version.

(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine, which serves as a proxy for the request, similar to an Open mail relay using SMTP.[1]

This technique can be used to port scan hosts discreetly, and to potentially bypass a network's Access-control list to access specific ports that the attacker cannot access through a direct connection, for example with the nmap port scanner.[2]

Nearly all modern FTP server programs are configured by default to refuse PORT commands that would connect to any host but the originating host, thwarting FTP bounce attacks.

See also[edit]

References[edit]

  1. ^ M. Allman; S. Ostermann (1999). "RFC 2577". doi:10.17487/RFC2577.
  2. ^ "ftp-bounce", Nmap Scripting Engine documentation

External links[edit]

Stub icon

This computer networking article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=FTP_bounce_attack&oldid=1191133730"

We need Your Support. Make a Donation now! or