Hi everyone,
I frequently run security scans against my BBS and in the reports I have put my attention to a potential vulnerability using the FTP bounce attack (1).
Thanks for the head's up. The Synchronet FTP server has (since 2001) rejected FTP-Bounces to reserved/system TCP ports (< 1024), so I'm not sure how "vulnerable" it really was, but in any case, I've committed a change to
disallow FTP Bounces to *any* TCP port on a 3rd party IP address, by default. --
Sysop: | Chris Crash |
---|---|
Location: | Huntington Beach, CA. |
Users: | 557 |
Nodes: | 8 (0 / 8) |
Uptime: | 124:21:02 |
Calls: | 10,414 |
Calls today: | 1 |
Files: | 5 |
Messages: | 366,898 |