FTP Bounce

Summary
Major intrusion
This indicates that somebody is successfully using the FTP server on your system in order to relay attacks against other systems.
Details
When a file is requested from an FTP server, the client specifies both the IP address and port number of the recipient of that file. In theory, this is the address/port that the client itself has prepared to receive the file. In some cases, however, it can be any system on the Internet. In particular, while the data may appear to be a file from the perspective of the FTP server, the receiver may interpret it as commands of some other protocol. For example, a spammer can upload a file containing e-mail messages to the FTP server, then cause the FTP server to send that file to an SMTP server, which then forwards the messages to the recipients.
Defense
All FTP servers can be upgraded or reconfigured to stop this activity.
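The check behind such a reconfiguration, written as an added example (not code from the original page or from any FTP server): it parses the RFC 959 `PORT` argument and flags a data address that differs from the control-connection peer, or a data port below 1024. The `<client_ip> <command>` log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (four address bytes, two port bytes).
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.I)

def parse_port(command):
    """Return (ip, port) named by a PORT command, or None if malformed."""
    m = PORT_RE.match(command.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def check_port(client_ip, command):
    """Return the reasons a PORT command looks like a bounce (empty list if none)."""
    parsed = parse_port(command)
    if parsed is None:
        return ["malformed PORT argument"]
    ip, port = parsed
    reasons = []
    if ip != ipaddress.IPv4Address(client_ip):
        reasons.append(f"data address {ip} differs from control peer {client_ip}")
    if port < 1024:
        reasons.append(f"data port {port} is a reserved port")
    return reasons

def scan(lines):
    """Scan log lines of the (constructed) form '<client_ip> <FTP command>'."""
    alerts = []
    for line in lines:
        client_ip, _, command = line.partition(" ")
        if command.upper().startswith("PORT"):
            reasons = check_port(client_ip, command)
            if reasons:
                alerts.append((client_ip, command, reasons))
    return alerts

# Constructed sample log using documentation address ranges, not real traffic.
SAMPLE = [
    "192.0.2.10 USER anonymous",
    "192.0.2.10 PORT 192,0,2,10,195,80",   # client's own address, port 50000
    "192.0.2.10 PORT 198,51,100,25,0,25",  # third-party address, port 25
    "192.0.2.10 RETR upload.txt",
]
ALERTS = scan(SAMPLE)  # one alert, for the PORT naming 198.51.100.25 port 25
```

A server enforcing the same rule would refuse the flagged `PORT` command instead of logging it.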