Article delegate-en/4895 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] FTP port bounce prevention
31 Aug 2010 23:27:48 GMT Jacob Lundberg


One of the ways people try to prevent FTP port bounce attacks and
probing is to require in the FTP server that the PORT command must
specify the same IP as the originator of the control channel.  Is this
possible with DeleGate?  From the documentation, it seems like DeleGate
only supports turning the PORT command off entirely.

Either of these two things would work while still allowing PORT commands:

1) An option to ignore the IP given in a PORT command and silently use
the same IP as the control channel.

2) An option to reject the PORT command if the IP address is not the
same as the one in the control channel.

Both of these options would be non-RFC-compliant behavior, but several
security audit standards are requiring something of this sort.



Jacob Lundberg
Director, IT Services
503.290.0100 (voice)
503.973.5252 (fax)
503.901.8343 (cell)
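
The two behaviours requested in the post, sketched as an added example; it is not part of the original message and not DeleGate code or configuration. The function names, the `policy` parameter and the `min_port` floor are assumptions made for illustration, and the addresses are constructed documentation-range values.

```python
import ipaddress


class PortRejected(Exception):
    """Raised when a PORT argument fails the bounce check."""


def parse_port_arg(arg):
    """Parse the RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise PortRejected("malformed PORT argument")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise PortRejected("PORT field out of range")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def data_target(arg, control_peer, policy="reject", min_port=1024):
    """Return the (ip, port) a server would use for the active-mode data channel.

    policy="override": option 1 in the post, ignore the IP in PORT and use
                       the control channel's peer address.
    policy="reject":   option 2 in the post, refuse a PORT whose IP differs
                       from the control channel's peer address.
    min_port is an assumption added here, not something the post asks for:
    it refuses data connections to privileged ports.
    """
    if policy not in ("reject", "override"):
        raise ValueError("unknown policy: %r" % policy)
    host, port = parse_port_arg(arg)
    peer = ipaddress.IPv4Address(control_peer)
    if port < min_port:
        raise PortRejected("port %d is below %d" % (port, min_port))
    if host != peer:
        if policy == "reject":
            raise PortRejected("PORT address %s is not control peer %s" % (host, peer))
        host = peer  # override: silently use the control channel's address
    return str(host), port
```

With `policy="reject"` a server would answer the failed PORT with an error reply; with `policy="override"` the client receives no indication that its address was replaced.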
