Possible Hack with FTP - What are the solutions?
Posted by iamrohitbanga on Super User. Published on 2010-04-04T19:13:59Z. Indexed on 2010/04/04 19:23 UTC.
ftp
I was reading the FTP RFC and hence had this idea.
Suppose there are several public FTP servers that allow anonymous user login. I open a control connection on port 21 to each of these servers.
Now suppose there is a web server a.com with IP address x.y.z.w listening on port 80. FTP allows a user to specify the host on which the data connection is to be set up. So a user specifies the host and port number of the a.com web server. Now the FTP server starts sending data to a.com, for which it is not a valid HTTP request, and hence it is rejected. But a.com notes that the invalid HTTP request came from a public FTP server and not my IP address. Can this not lead to a distributed attack by utilizing all public FTP servers? Worse still, the data being sent by the FTP server could be a valid HTTP request, which could trigger a.com to send a file back to the FTP server.
Is there a solution for this, or is it no problem at all?
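The server-side check usually applied against the behaviour the question describes, as an added example that is not part of the original post: parse the `PORT` argument defined in RFC 959 and refuse it unless the address matches the control connection's peer and the port is 1024 or higher, as RFC 2577 recommends. The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

def parse_port_argument(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command (RFC 959)."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("expected six comma-separated fields")
    if not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("fields must be decimal integers")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("fields must be in 0..255")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high byte first
    return host, port

def check_port_command(arg, control_peer_ip):
    """Decide whether a PORT request may be honoured.

    control_peer_ip is the source address of the client's control connection.
    Returns (allowed, reason).
    """
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, f"malformed PORT argument: {exc}"
    # Third-party data connections are what turn the server into a relay.
    if host != ipaddress.IPv4Address(control_peer_ip):
        return False, f"data host {host} differs from control peer {control_peer_ip}"
    # Well-known service ports (HTTP on 80 in the question) are never valid here.
    if port < 1024:
        return False, f"data port {port} is in the reserved range"
    return True, "ok"

if __name__ == "__main__":
    peer = "198.51.100.7"  # constructed sample: control-connection peer
    samples = [            # constructed sample PORT arguments
        "198,51,100,7,195,80",  # same host, port 50000
        "203,0,113,10,0,80",    # another host, port 80 (the case in the question)
        "198,51,100,7,0,80",    # same host, reserved port
        "198,51,100,7,80",      # malformed
    ]
    for arg in samples:
        allowed, reason = check_port_command(arg, peer)
        print(f"PORT {arg:<22} -> {'accept' if allowed else 'reject'} ({reason})")
```

A server that rejects the request would answer with an error reply instead of opening the data connection; logging the rejected host and port gives operators a record of relay attempts.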