10-11-12, 10:59
# 2
א.פורום תוכנה עסק רשום
Selected quote
Quote:
"FTP Bounce" Attacks and AllowForeignAddress
So, what does this mean for ProFTPD? By default, ProFTPD does not allow site-to-site transfers, for by allowing them, the server also allows a type of attack known as the "FTP bounce" attack:
http://www.cert.org/advisories/CA-1997-27.html
The protection against this attack is to enforce the requirement that, from the server's point of view, the remote address of a control connection matches the remote address of a data connection.
If the addresses do not match, the data connection is treated as from a foreign client, and thus rejected.
However, some site administrators do want to allow their servers to support site-to-site transfers. ProFTPD must be explicitly configured to allow these by using the AllowForeignAddress configuration directive.
From http://proftpd.open-source-solution....howto/FXP.html
And further SECURITY ADVICE:
http://www.cert.org/advisories/CA-1997-27.html
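
The address-matching rule described in the quote, as an added example that is not part of the original post and is not ProFTPD's own code. It applies the check to an active-mode PORT argument; the function names, reply strings and sample addresses are assumptions made for illustration, and `allow_foreign_address` only mirrors the effect of the AllowForeignAddress directive.

```python
import ipaddress

def parse_port_arg(arg):
    """Parse an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("expected six comma-separated fields")
    nums = []
    for f in fields:
        # Each field is one decimal octet; reject signs, blanks and non-ASCII digits.
        if not (f.isascii() and f.isdigit() and len(f) <= 3 and int(f) <= 255):
            raise ValueError("bad octet: %r" % f)
        nums.append(int(f))
    host = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return host, nums[4] * 256 + nums[5]

def data_address_allowed(control_peer, data_peer, allow_foreign_address=False):
    """Rule from the quote: the data-connection address must equal the control peer."""
    same = ipaddress.ip_address(control_peer) == ipaddress.ip_address(data_peer)
    return same or allow_foreign_address

def handle_port(control_peer, port_arg, allow_foreign_address=False):
    """Decide on an active-mode PORT command; reply strings are illustrative."""
    try:
        host, port = parse_port_arg(port_arg)
    except ValueError:
        return False, "501 Syntax error in PORT argument"
    if not data_address_allowed(control_peer, host, allow_foreign_address):
        # Foreign address: refuse, as the server does by default.
        return False, "500 Illegal PORT command"
    return True, "200 PORT command successful (%s:%d)" % (host, port)

if __name__ == "__main__":
    client = "203.0.113.10"  # constructed control-connection peer (documentation range)
    for arg in ("203,0,113,10,19,137", "198,51,100,7,0,25", "203,0,113,10,19"):
        print(arg, "->", handle_port(client, arg))
    print("foreign allowed ->", handle_port(client, "198,51,100,7,0,25", True))
```

The same `data_address_allowed` comparison covers passive mode, where `data_peer` is the remote address of the incoming data connection rather than a parsed PORT argument.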