Nmap Development mailing list archives
simulating FTP bounce attack using nmap
From: "Mbzaman L" <query.security () gmail com>
Date: Fri, 31 Aug 2007 16:56:52 +0530
Greeting All, I am trying to simulate the old FTP bounce attack . This is an old attack and I believe most of the FTP servers available today are not prone to such type of attacks. I am using vsftpd package for implementing FTP server . Also using anonymous user I can upload files to the FTP server. The FTP server also supports passive mode as the following commands shows... ftp> passive Passive mode off. ftp> ls 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. drwxr-xr-x 8 0 0 4096 Aug 30 12:10 pub 226 Directory send OK. ftp> Now using nmap , I am trying to simulate the FTP bounce attack. I am using the following command. nmap -b anonymous:""@ w.x.y.z <http://172.16.1.251/> a.b.c.d But I am getting the following error .... [root@gdrd5 ~]# nmap -v -b anonymous:""@w.z.y.z a.b.c.d Hint: if your bounce scan target hosts aren't reachable from here, remember to use -P0 so we don't try and ping them prior to the scan Starting Nmap 4.20 at 2007-08-31 15:15 IST Resolved ftp bounce attack proxy to w.x.y.z Initiating ARP Ping Scan at 15:15 Scanning a.b.c.d [1 port] Completed ARP Ping Scan at 15:15, 0.03s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 15:15 Completed Parallel DNS resolution of 1 host. at 15:15, 0.06s elapsed Attempting connection to ftp://anonymous:@w.x.y.z:21<ftp://anonymous:@172.16.1.251/> Connected:220 Welcome to blah FTP service. Login credentials accepted by ftp server! Initiating TCP ftp bounce scan against somedomain.in <http://hgdrd1.cdacbangalore.in/>(a.b.c.d) at 15:15 Your ftp bounce server doesn't allow privileged ports, skipping them. Your ftp bounce server doesn't allow privileged ports, skipping them. Your ftp bounce server doesn't allow privileged ports, skipping them. Your ftp bounce server doesn't allow privileged ports, skipping them. Your ftp bounce server sucks, it won't let us feed bogus ports! [root@gdrd5 ~]# I have done the following configurations in /etc/vsftpd/vsftpd.conf ... anonymous_enable=YES write_enable=YES anon_upload_enable=YES connect_from_port_20=YES Please somebody clarify me where I am missing which preventing me to simulate the attack. With Thanks in advance. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- simulating FTP bounce attack using nmap Mbzaman L (Aug 31)
- Re: simulating FTP bounce attack using nmap majek04 (Aug 31)