Hi everyone,
I frequently run security scans against my BBS, and in the reports I have turned my attention to a potential vulnerability using the FTP bounce attack (1).
Thanks for the heads-up. The Synchronet FTP server has (since 2001) rejected FTP-Bounces to reserved/system TCP ports (< 1024), so I'm not sure how "vulnerable" it really was, but in any case, I've committed a change to disallow FTP Bounces to *any* TCP port on a 3rd party IP address, by default.
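
The two policies described in the reply above, as an added example that is not part of the thread and not Synchronet's own code: a check of an RFC 959 `PORT` argument against the address of the control connection. The names `check_port_cmd` and `allow_bounce` are hypothetical, the argument is assumed to arrive with its CRLF already stripped, and data connections back to the client's own address are assumed to be unrestricted by port.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum port_verdict { PORT_OK, PORT_MALFORMED, PORT_THIRD_PARTY, PORT_RESERVED };

/* Parse "h1,h2,h3,h4,p1,p2" into a host-order IPv4 address and TCP port. */
static int parse_port_arg(const char *arg, uint32_t *ip, uint16_t *port)
{
    unsigned long v[6];
    char *end;
    int i;

    for (i = 0; i < 6; i++) {
        if (!isdigit((unsigned char)*arg))
            return -1;                      /* no signs, spaces or empty fields */
        v[i] = strtoul(arg, &end, 10);      /* overflow yields ULONG_MAX, rejected below */
        if (v[i] > 255 || *end != (i < 5 ? ',' : '\0'))
            return -1;
        arg = end + 1;
    }
    *ip = (uint32_t)((v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3]);
    *port = (uint16_t)((v[4] << 8) | v[5]);
    return 0;
}

/* client_ip: peer address of the control connection, host order.
 * allow_bounce: hypothetical opt-in switch; 0 models the new default. */
enum port_verdict check_port_cmd(const char *arg, uint32_t client_ip, int allow_bounce)
{
    uint32_t ip;
    uint16_t port;

    if (parse_port_arg(arg, &ip, &port) != 0)
        return PORT_MALFORMED;
    if (ip == client_ip)
        return PORT_OK;            /* data connection back to the same client */
    if (!allow_bounce)
        return PORT_THIRD_PARTY;   /* new default: any port on a third-party IP */
    if (port < 1024)
        return PORT_RESERVED;      /* older rule: reserved/system ports only */
    return PORT_OK;
}

int main(void)
{
    const uint32_t client = 0xC000020AUL;   /* 192.0.2.10, constructed sample */
    printf("%d\n", check_port_cmd("198,51,100,7,0,25", client, 0));
    printf("%d\n", check_port_cmd("192,0,2,10,195,80", client, 0));
    return 0;
}
```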