Firewall Wizards mailing list archives

FTP Security


From: "Marcelo Barbosa Lima" <marcelo.lima () dcc unicamp br>
Date: Tue, 4 May 1999 13:55:04 -0300



  Hi folks,
 
        I was reading a paper about security problems in FTP and did not
 understand this:
 
    "When the data transfers are done in
    active mode, the attacker guesses the number of the TCP port where the
    target client will be doing a listen. He or she then repeatedly sends
    the ftp server to which the client is connected the commands PORT
    ip,of,client,machine,port,port RETR filename or STOR filename.
 
    Using RETR if he wishes to replace data transmitted to the client, and
    STOR if he is trying to intercept data the client would send to the
    server. "
 
    Do you agree with this? Well, I saw that the client sends his port
 number across the control connection using the PORT command. How can the
 attacker (repeatedly) send PORT commands to the FTP server if he or she
 doesn't know the TCP sequence numbers of the control connection between
 client and server? Another question is: how can the attacker know about
 the control connections in a particular FTP server? Netstat? I like your
 solutions for these problems! Sorry for my poor English :-).
 
 Thanks and Regards!
 
 
                                Marcelo B. Lima 
                                        marcelo.lima () dcc unicamp br
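
The quoted passage depends on the server accepting a PORT argument that names the client's address and port. A server-side check for that argument, as an added example that is not part of the original post: it parses the `h1,h2,h3,h4,p1,p2` form and refuses any PORT whose address is not the peer of the control connection it arrived on. Function names, the 1024 port floor and the sample addresses are assumptions made for illustration.

```python
import ipaddress


class PortRejected(ValueError):
    """Raised when a PORT argument must be refused."""


def parse_port_argument(arg):
    """Parse 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    fields = [f.strip() for f in arg.split(",")]
    if len(fields) != 6:
        raise PortRejected("PORT needs six comma-separated fields")
    if not all(f.isascii() and f.isdigit() for f in fields):
        raise PortRejected("non-numeric field in PORT argument")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise PortRejected("field outside 0-255")
    host = ipaddress.IPv4Address(bytes(nums[:4]))
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return host, port


def check_port_command(arg, control_peer_ip, min_port=1024):
    """Accept a PORT only if it points back at the control connection's peer.

    control_peer_ip is the source address of the TCP control connection
    that carried the command (what the server's accept() reported).
    min_port=1024 is an assumed policy floor that keeps data connections
    away from reserved ports.
    """
    host, port = parse_port_argument(arg)
    if host != ipaddress.IPv4Address(control_peer_ip):
        raise PortRejected("PORT address differs from control connection peer")
    if port < min_port:
        raise PortRejected("PORT targets a reserved port")
    return host, port


def demo():
    """Run the check on constructed sample sessions (documentation addresses)."""
    client_arg = "192,0,2,10,15,210"  # 192.0.2.10, port 15*256+210 = 4050
    results = {"own_session": check_port_command(client_arg, "192.0.2.10")}
    try:
        # Same argument, but received on a control connection from another host.
        check_port_command(client_arg, "198.51.100.7")
        results["other_session"] = "accepted"
    except PortRejected as exc:
        results["other_session"] = str(exc)
    return results
```
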
 
 
 


