Firewall Wizards mailing list archives
Re: What kind of ftp attack is this?
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Thu, 25 Mar 1999 16:32:44 -0500
Mar 24 13:51:34 strip ftpd[2699]: refused PORT 0,1328 from 193.226.92.xxx Mar 24 13:51:49 strip ftpd[2703]: refused PORT 0,1331 from 193.226.92.xxx
Looks like someone using FTP bouncing to do a port scan. This is why having FTP servers behind firewalls is a Bad Thing. See http://www.clark.net/pub/mjr/pubs/attck/sld052.htm for a sketchy overview of FTP bouncing. You can extrapolate bouncing to do all kind of stuff like scanning, denial of service, etc. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- What kind of ftp attack is this? sedwards (Mar 25)
- Re: What kind of ftp attack is this? Bret McDanel (Mar 25)
- Re: What kind of ftp attack is this? Marcus J. Ranum (Mar 25)
- Re: What kind of ftp attack is this? Bret McDanel (Mar 25)