Wikipedia

FTP bounce attack

FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine, which serves as a proxy for the request, similar to an Open mail relay using SMTP.[1]

This technique can be used to port scan hosts discreetly, and to potentially bypass a network Access-control list to access specific ports that the attacker cannot access through a direct connection, for example with the nmap port scanner.[2]

Nearly all modern FTP server programs are configured by default to refuse PORT commands that would connect to any host but the originating host, thwarting FTP bounce attacks.

See also

References

  1. ^ M. Allman; S. Ostermann. "RFC 2577". doi:10.17487/RFC2577.
  2. ^ "ftp-bounce", Nmap Scripting Engine documentation

External links

This article is copied from an article on Wikipedia® - the free encyclopedia created and edited by its online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of Wikipedia® encyclopedia articles provide accurate and timely information, please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.

Copyright © 2003-2025 Farlex, Inc Disclaimer
All content on this website, including dictionary, thesaurus, literature, geography, and other reference data is for informational purposes only. This information should not be considered complete, up to date, and is not intended to be used in place of a visit, consultation, or advice of a legal, medical, or any other professional.