FTP bounce attack

FTP bounce attack

In the field of computer networking and security, the FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine as a middle man for the request.

This technique can be used to port scan hosts discreetly, and to access specific ports that the attacker cannot access through a direct connection.

nmap is a port scanner that can utilize an FTP bounce attack to scan other servers.

Nowadays, nearly all FTP server programs are configured by default to refuse PORT commands that would connect to any host but the originating host, thwarting FTP bounce attacks.

ee also

* Confused deputy problem

External links

* [http://www.cert.org/advisories/CA-1997-27.html CERT Advisory on FTP Bounce Attack]
* [http://www.cert.org/tech_tips/ftp_port_attacks.html CERT Article on FTP Bounce Attack]
* [http://insecure.org/nmap/hobbit.ftpbounce.txt Original posting describing the attack]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • File Exchange Protocol — (FXP) ist das im File Transfer Protocol definierte und dort unbenannte Verfahren, dass ein Client Dateiübertragungen zwischen zwei Servern steuert (Server zu Server). Die Dateien nehmen dabei nicht den Weg über den Client, wodurch Zeit gespart… …   Deutsch Wikipedia

  • Confused deputy problem — A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority. It is a specific type of privilege escalation. In information security, the confused deputy problem is often cited as an example of …   Wikipedia

  • Qmail — Infobox Software name = qmail logo = caption = developer = Daniel J. Bernstein latest release version = 1.03 latest release date = release date|1998|06|15 latest preview version = netqmail 1.06 latest preview date = November 11, 2007 operating… …   Wikipedia

  • Platform game — This article is about the computer and video game genre. For platformer units in petroleum refining, see Catalytic reforming …   Wikipedia

  • Starship Troopers — Infobox Book name = Starship Troopers image caption = First edition cover author = Robert A. Heinlein cover artist = country = United States language = English genre = Science fiction Philosophical novel… …   Wikipedia

  • Premier Election Solutions — Industry Electronic Voting hardware Consulting Founded Ohio (January 22, 2002) Headquarters North Canton, Ohio, United States Products AccuVote TSX, AccuVote OS, AccuView Printer Module, Global Election Manageme …   Wikipedia

  • Disney Channel (UK & Ireland) — For the Disney Channel in other countries, see Disney Channel International Networks. For the original Disney Channel, see Disney Channel. Disney Channel Launched 1 October 1995 Owned by …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”