Hi everyone,
I frequently run security scans against my BBS and in the reports I have put my attention to a potential vulnerability using the FTP bounce attack (1).
Thanks for the head's up. The Synchronet FTP server has (since 2001) rejected FTP-Bounces to reserved/system TCP ports (< 1024), so I'm not sure how "vulnerable" it really was, but in any case, I've committed a change to
disallow FTP Bounces to *any* TCP port on a 3rd party IP address, by default. --
Sysop: | Chris Crash |
---|---|
Location: | Huntington Beach, CA. |
Users: | 557 |
Nodes: | 8 (0 / 8) |
Uptime: | 07:54:34 |
Calls: | 10,406 |
Files: | 5 |
Messages: | 364,982 |