"FTP Bounce" Attacks and AllowForeignAddress
So, what does this mean for ProFTPD? By default, ProFTPD does not allow site-to-site transfers, because allowing them also exposes the server to a type of attack known as the "FTP bounce" attack:

http://www.cert.org/advisories/CA-1997-27.html

The protection against this attack is to enforce the requirement that, from the server's point of view, the remote address of a control connection matches the remote address of a data connection.
If the addresses do not match, the data connection is treated as coming from a foreign client, and is thus rejected.
However, some site administrators do want to allow their servers to support site-to-site transfers. ProFTPD must be explicitly configured to allow these by using the AllowForeignAddress configuration directive.
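
The address-matching rule described above, as an added Python sketch (not ProFTPD's own code). It applies the rule to the address a client names in a PORT command, which becomes the remote address of the data connection in active mode. The function names and the allow_foreign flag, which stands in for AllowForeignAddress, are hypothetical, and the addresses are constructed documentation-range samples.

```python
import ipaddress

def _normalize(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(str(addr))
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def parse_port_argument(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of a PORT command (RFC 959)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("malformed PORT argument: %r" % arg)
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range: %r" % arg)
    host = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def check_data_endpoint(control_peer, data_peer, allow_foreign=False):
    """Return (allowed, reason) for a data connection, from the server's view.

    allow_foreign is a hypothetical flag standing in for AllowForeignAddress.
    """
    if _normalize(control_peer) == _normalize(data_peer):
        return True, "data address matches control address"
    if allow_foreign:
        return True, "foreign address permitted by configuration"
    return False, "foreign address rejected"

def replay(control_peer, port_args, allow_foreign=False):
    """Apply the check to each PORT argument; return a list of (arg, allowed)."""
    results = []
    for arg in port_args:
        host, _port = parse_port_argument(arg)
        allowed, _reason = check_data_endpoint(control_peer, host, allow_foreign)
        results.append((arg, allowed))
    return results

if __name__ == "__main__":
    # Constructed sample: one control connection, two PORT commands.
    sample = ["192,0,2,10,4,1", "198,51,100,7,4,1"]
    for flag in (False, True):
        print("allow_foreign=%s" % flag, replay("192.0.2.10", sample, flag))
```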