FTP bounce attack




FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine as a middle man for the request.[1]


This technique can be used to port scan hosts discreetly, and to access specific ports that the attacker cannot access through a direct connection, for example with the nmap port scanner.[2]


Nearly all modern FTP server programs are configured by default to refuse PORT commands that would connect to any host but the originating host, thwarting FTP bounce attacks.



See also


  • Confused deputy problem


References





  1. ^ M. Allman; S. Ostermann. "RFC 2577". doi:10.17487/RFC2577..mw-parser-output cite.citation{font-style:inherit}.mw-parser-output q{quotes:"""""""'""'"}.mw-parser-output code.cs1-code{color:inherit;background:inherit;border:inherit;padding:inherit}.mw-parser-output .cs1-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/6/65/Lock-green.svg/9px-Lock-green.svg.png")no-repeat;background-position:right .1em center}.mw-parser-output .cs1-lock-limited a,.mw-parser-output .cs1-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/d/d6/Lock-gray-alt-2.svg/9px-Lock-gray-alt-2.svg.png")no-repeat;background-position:right .1em center}.mw-parser-output .cs1-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/a/aa/Lock-red-alt-2.svg/9px-Lock-red-alt-2.svg.png")no-repeat;background-position:right .1em center}.mw-parser-output .cs1-subscription,.mw-parser-output .cs1-registration{color:#555}.mw-parser-output .cs1-subscription span,.mw-parser-output .cs1-registration span{border-bottom:1px dotted;cursor:help}.mw-parser-output .cs1-hidden-error{display:none;font-size:100%}.mw-parser-output .cs1-visible-error{font-size:100%}.mw-parser-output .cs1-subscription,.mw-parser-output .cs1-registration,.mw-parser-output .cs1-format{font-size:95%}.mw-parser-output .cs1-kern-left,.mw-parser-output .cs1-kern-wl-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right,.mw-parser-output .cs1-kern-wl-right{padding-right:0.2em}


  2. ^ "ftp-bounce", Nmap Scripting Engine documentation




External links



  • CERT Advisory on FTP Bounce Attack

  • CERT Article on FTP Bounce Attack

  • Original posting describing the attack








Comments

Post a Comment

Popular posts from this blog

Information security

Image
This article is part of a series on Information security Related security categories Internet security Cyberwarfare Computer security Mobile security Network security Threats Computer crime Vulnerability Eavesdropping Malware Spyware Ransomware Trojans Viruses Worms Rootkits Bootkits Keyloggers Screen scrapers Exploits Backdoors Logic bombs Payloads Denial of service Defenses Computer access control Application security Antivirus software Secure coding Secure by default Secure by design Secure operating systems Authentication Multi-factor authentication Authorization Data-centric security Encryption Firewall Intrusion detection system Mobile secure gateway Runtime application self-protection (RASP) v t e Information security , sometimes shortened to InfoSec , is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Th
Read more

章鱼与海女图

Image
本条目 可参照英語維基百科相應條目来扩充 。 (2014/5/25) 若您熟悉来源语言和主题,请协助参考外语维基扩充条目。请勿直接提交机械翻译,也不要翻译不可靠、低品质内容。依版权协议,译文需在编辑摘要注明来源,或于讨论页顶部标记 {{Translated page}} 标签。 本条目 需要擴充。 (2013年8月15日) 请協助改善这篇條目,更進一步的信息可能會在討論頁或扩充请求中找到。请在擴充條目後將此模板移除。 《 章鱼与海女 》(日语: 蛸と海女 / たことあま   Tako to ama )是一幅由日本畫家葛饰北斋创作的浮世绘,出自1814年(文化4年)出版的艳本《喜能会之故真通》(日语: 喜能会之故真通 / きのえのこまつ   Kinoe no Komatsu )。畫中有兩隻章鱼以觸手攻擊一名採珠的海女,並進行擬似戀獸癖的交媾行為。作品尺寸为6½" × 8¾" (16.51 cm × 22.23 cm)。 [1] 在此之前的类似作品还有北尾重政的艳本《謡曲色番組》及勝川春潮的艳本《艳本千夜多女志》等,有被北斋作为参考的可能性。 《章鱼与海女图》有不同英文翻译,一般称The Dream of the Fisherman's Wife,又作Girl Diver and Octopi、Diver and Two Octopi,Richard Douglas Lane称其为 Girl Diver and Octopi [2] ,Mathi Forrer 称其为 Pearl Diver and Two Octopi [3] ,Danielle Talerico 称其为 Diver and Two Octopi 。 [4] 目录 1 作品介绍 1.1 画中对话 1.2 解释 2 评价 3 影响 3.1 模仿作品 4 另见 5 参考来源 6 外部連結 作品介绍 画中对话 原文 译文 大蛸: いつぞハいつぞハとねらいすましてゐたかいがあつて、けふといふけふ、とうとうとらまへたア。てもむつくりとしたいいぼぼだ。いもよりハなをこうぶつだ。サアサア、すつてすつてすいつくして
Read more

Farm Security Administration

Image
Farm Security Administration Farm Security Administration logo Agency overview Formed September 1, 1937  ( 1937-09-01 ) Preceding agencies Resettlement Administration Federal Emergency Relief Administration Dissolved 1946 Superseding agency Farmers Home Administration Key documents Farm Security Act Bankhead-Jones Farm Tenant Act The Farm Security Administration ( FSA ) was a New Deal agency created in 1937 to combat rural poverty during the Great Depression in the United States. It succeeded the Resettlement Administration (1935–1937). [1] The FSA stressed "rural rehabilitation" efforts to improve the lifestyle of sharecroppers, tenants, very poor landowning farmers, and a program to purchase submarginal land owned by poor farmers and resettle them in group farms on land more suitable for efficient farming. Critics, including the Farm Bureau, strongly opposed the FSA as an experiment in collectivizing agriculture—that is, in bringing
Read more