FTP port bounce prevention
Wed, 01 Sep 2010
One of the ways people try to prevent FTP port bounce attacks and
probing is to require in the FTP server that the PORT command must
specify the same IP as the originator of the control channel. Is this
possible with DeleGate? From the documentation, it seems like DeleGate
only supports turning the PORT command off entirely.
Either of these two things would work while still allowing PORT commands:
1) An option to ignore the IP given in a PORT command and silently use
the same IP as the control channel.
2) An option to reject the PORT command if the IP address is not the
same as the one in the control channel.
Both of these options would be non-RFC-compliant behavior, but several
security audit standards are requiring something of this sort.
Director, IT Services
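The two policies described in the post, as an added illustration in Python rather than anything from DeleGate itself: a server-side check that parses the PORT argument and either rejects it (option 2) or silently substitutes the control-channel peer address (option 1). The control-peer address, function names and the sample PORT arguments are all constructed for this example.

```python
import re
from ipaddress import IPv4Address

# PORT argument format from RFC 959: h1,h2,h3,h4,p1,p2 (all decimal, 0-255)
PORT_RE = re.compile(r"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")

def parse_port_arg(arg):
    """Parse a PORT argument into (ip_string, port); raise ValueError if malformed."""
    m = PORT_RE.match(arg.strip())
    if not m:
        raise ValueError("malformed PORT argument")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("PORT octet out of range")
    ip = IPv4Address(".".join(str(n) for n in nums[:4]))  # validates the address
    port = nums[4] * 256 + nums[5]
    return str(ip), port

def apply_port_policy(arg, control_peer_ip, mode="reject"):
    """Bounce-prevention policy for one PORT command.

    mode="reject"  -> option 2: refuse PORT if its IP differs from the control peer.
    mode="rewrite" -> option 1: ignore the supplied IP and use the control peer.
    Returns (accepted, ftp_reply_line, (ip, port) to connect to or None).
    """
    control_ip = str(IPv4Address(control_peer_ip))
    try:
        requested_ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, f"501 Syntax error in PORT: {exc}", None
    if requested_ip == control_ip:
        return True, "200 PORT command successful", (requested_ip, port)
    if mode == "rewrite":
        # Option 1: silently use the control-channel peer, keep the requested port
        return True, "200 PORT command successful", (control_ip, port)
    # Option 2: refuse to open a data connection to a third party
    return False, "500 Illegal PORT command: address differs from control connection", None

if __name__ == "__main__":
    # Constructed sample: control channel from 192.0.2.10 (RFC 5737 documentation range)
    peer = "192.0.2.10"
    for arg in ("192,0,2,10,4,1", "198,51,100,7,0,21", "300,0,2,10,4,1"):
        for mode in ("reject", "rewrite"):
            print(mode, arg, "->", apply_port_policy(arg, peer, mode))
```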