FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine, which serves as a proxy for the request, similar to an Open mail relay using SMTP.[1]
This technique can be used to port scan hosts discreetly, and to potentially bypass a network's Access-control list to access specific ports that the attacker cannot access through a direct connection, for example with the nmap port scanner.[2]
Nearly all modern FTP server programs are configured by default to refuse PORT commands that would connect to any host but the originating host, thwarting FTP bounce attacks.
^M. Allman; S. Ostermann (1999). "RFC 2577". doi:10.17487/RFC2577.
Brute-force attackFTPbounceattack Packet capture Port stealing (guessing the next open port and usurping a legitimate connection) Spoofing attack Username...
An FTPbounceattack can allow an attacker to connect indirectly to TCP ports to which the attacker's machine has no access, using a remote FTP server...
support can make a server vulnerable to an exploit known as FTPbounce. As a result of this, FTP server software often has FXP disabled by default. Some sites...
Protocol as a replacement for the use of the FTP for mail. RFC 780 of May 1981 removed all references to FTP and allocated port 57 for TCP and UDP,[citation...
CHARGEN is commonly used in denial-of-service attacks. By using a fake source address the attacker can send bounce traffic off a UDP CHARGEN application to...
services, or virtual (online) or physical (offline) goods. free-to-play (F2P or FtP) Games that do not require purchase from a retailer, either physical or digital...
live election system using the Associated Press's File Transfer Protocol (FTP) service and a Ruby on Rails application; nytimes.com experienced its largest...
June 2018.{{cite web}}: CS1 maint: archived copy as title (link) "Men's FTP 2023–2027" (PDF). "England face stacked schedule as Future Tours Programme...
addition to that it had also exposed WordPress admin passwords, SSL keys and sFTP passwords. On February 16, 2023, GoDaddy revealed it had been hacked again...
Voting System, Avi Rubin at Johns Hopkins University The Case of the Diebold FTP Site by Douglas W. Jones, Professor of Computer Science at the University...
Protocol (FTP) – A standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built...
Protocol (1984), inspired the author of ping for BSD (1983), and had the first FTP implementation; IEEE Fellow; winner of the IEEE Internet Award in 2013 Yi...