Nmap Development mailing list archives

simulating FTP bounce attack using nmap


From: "Mbzaman L" <query.security () gmail com>
Date: Fri, 31 Aug 2007 16:56:52 +0530

Greeting All,

    I am trying to simulate the old FTP bounce attack. This is an old attack
    and I believe most of the FTP servers available today are not prone to
    such type of attacks.
    I am using the vsftpd package for implementing the FTP server. Also, using
    the anonymous user I can upload files to the FTP server. The FTP server
    also supports passive mode, as the following commands show...


   ftp> passive
   Passive mode off.
   ftp> ls
   200 PORT command successful. Consider using PASV.
   150 Here comes the directory listing.
   drwxr-xr-x    8 0        0            4096 Aug 30 12:10 pub
   226 Directory send OK.
   ftp>


   Now, using nmap, I am trying to simulate the FTP bounce attack.

   I am using the following command.

   nmap -b anonymous:""@w.x.y.z a.b.c.d

   But I am getting the following error ....

 [root@gdrd5 ~]# nmap -v  -b anonymous:""@w.z.y.z  a.b.c.d

   Hint: if your bounce scan target hosts aren't reachable from here,
   remember to use -P0 so we don't try and ping them prior to the scan

  Starting Nmap 4.20  at 2007-08-31 15:15 IST
  Resolved ftp bounce attack proxy to w.x.y.z
  Initiating ARP Ping Scan at 15:15
  Scanning a.b.c.d [1 port]
  Completed ARP Ping Scan at 15:15, 0.03s elapsed (1 total hosts)
  Initiating Parallel DNS resolution of 1 host. at 15:15
  Completed Parallel DNS resolution of 1 host. at 15:15, 0.06s elapsed
  Attempting connection to ftp://anonymous:@w.x.y.z:21
  Connected:220 Welcome to blah FTP service.
  Login credentials accepted by ftp server!
  Initiating TCP ftp bounce scan against somedomain.in (a.b.c.d) at 15:15
  Your ftp bounce server doesn't allow privileged ports, skipping them.
  Your ftp bounce server doesn't allow privileged ports, skipping them.
  Your ftp bounce server doesn't allow privileged ports, skipping them.
  Your ftp bounce server doesn't allow privileged ports, skipping them.
  Your ftp bounce server sucks, it won't let us feed bogus ports!
  [root@gdrd5 ~]#


  I have done the following configurations in /etc/vsftpd/vsftpd.conf ...

  anonymous_enable=YES
  write_enable=YES
  anon_upload_enable=YES
  connect_from_port_20=YES

  Could somebody please clarify what I am missing that is preventing me
  from simulating the attack?

  With Thanks in advance.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
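
Added example, not part of the original post and not vsftpd's code: a sketch of the server-side PORT check recommended in RFC 2577, which produces the kind of refusals seen in the scan output above (privileged ports and addresses other than the control-connection peer). The function names, the sample addresses, and the use of reply 504 for an address mismatch are assumptions.

```python
import ipaddress

RESERVED_PORT_LIMIT = 1024  # ports below this are "privileged"


def parse_port_argument(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command (RFC 959)."""
    fields = [f.strip() for f in arg.split(",")]
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    if not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("PORT fields must be decimal numbers")
    values = [int(f) for f in fields]
    if any(v > 255 for v in values):
        raise ValueError("PORT field out of range 0-255")
    host = ipaddress.IPv4Address(".".join(str(v) for v in values[:4]))
    port = values[4] * 256 + values[5]
    return host, port


def check_port_command(arg, control_peer):
    """Return (reply_code, text) for a PORT request.

    control_peer is the address the control connection came from.
    504 for a low port is the reply RFC 2577 suggests; reusing 504 for
    a third-party address is an assumption made for this example.
    """
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return 501, f"Syntax error: {exc}"
    if port < RESERVED_PORT_LIMIT:
        return 504, "Refusing data connection to a privileged port"
    if host != ipaddress.IPv4Address(control_peer):
        return 504, "Refusing data connection to a third-party address"
    return 200, "PORT command successful"


if __name__ == "__main__":
    peer = "192.0.2.10"  # constructed sample: client on the control connection
    samples = [
        "192,0,2,10,195,80",    # client's own address, port 50000
        "192,0,2,10,0,22",      # client's own address, port 22
        "198,51,100,7,195,80",  # different host, port 50000
        "192,0,2,10,195",       # malformed: only five fields
    ]
    for s in samples:
        print(f"PORT {s:<22} -> {check_port_command(s, peer)}")
```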

