Hi everyone,
I frequently run security scans against my BBS and in the reports I have put my attention to a potential vulnerability using the FTP bounce attack (1).
Thanks for the head's up. The Synchronet FTP server has (since 2001) rejected FTP-Bounces to reserved/system TCP ports (< 1024), so I'm not sure how "vulnerable" it really was, but in any case, I've committed a change to
disallow FTP Bounces to *any* TCP port on a 3rd party IP address, by default. --
Sysop: | Gate Keeper |
---|---|
Location: | Shelby, NC |
Users: | 719 |
Nodes: | 20 (0 / 20) |
Uptime: | 187:14:58 |
Calls: | 9,288 |
Files: | 5,288 |
D/L today: |
7 files (411M bytes) |
Messages: | 467,659 |