From: Michael R. <ro...@am...> - 2004-03-10 04:41:28
On Tue, 9 Mar 2004, William R. Lorenz wrote:
> Greetings,
>
> As detailed in CERT/CC VU#2558 (http://www.kb.cert.org/vuls/id/2558), I
> think it's entirely possible to hijack FTP sessions from people using
> passive mode data connections (think PASV command) on ProFTPD servers that
> are active and continuously field many connections from remote clients.

Disable "AllowForeignAddress" (http://www.proftpd.org/docs/directives/linked/config_ref_AllowForeignAddress.html) on the server and everything should be fine.

When AllowForeignAddress is disabled (the default setting) the following things get changed:

a) Connections to server-side opened data ports are prohibited from IPs that don't match the IP on the control port. (They get immediately disconnected.)

b) You can't supply IPs that don't match the IP on the control port via the PORT command.

a) should fix the behaviour you're seeing (hijacking data sessions opened by other users), and b) prevents people from using your ftp server in "ftp bounce attacks", where you instruct the ftp server to (maliciously?) open data connections to unrelated third-party servers ("distributed" port scanning, setting distractions for IDS, etc.).

If this isn't sufficient or not feasible for you, you could always use mod_tls and force encryption on the data port; that should completely eliminate any uncertainties which may still exist, although getting your users to use TLS-aware ftp clients might be quite a bit of work.

best regards,
michael
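As an added illustration of the two checks Michael describes (a: reject PASV data peers that differ from the control peer; b: reject PORT targets that differ from the control peer), here is a small Python model of that policy. It is editor-written example code, not ProFTPD's own implementation; the function names, the `allow_foreign` flag and the sample addresses are assumptions.

```python
import ipaddress
import re

# Constructed model of the AllowForeignAddress policy (not ProFTPD code).
# Both checks are keyed on the peer IP of the *control* connection.

_PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})$")


def parse_port_command(line):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' into (ip, port); ValueError if malformed."""
    m = _PORT_RE.match(line.strip())
    if not m:
        raise ValueError("malformed PORT command")
    nums = [int(x) for x in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return ip, port


def accept_port_command(control_peer_ip, line, allow_foreign=False):
    """Check (b): an active-mode target must equal the control peer
    unless AllowForeignAddress is on. Returns (accepted, detail)."""
    ip, port = parse_port_command(line)
    if not allow_foreign and ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        return False, "PORT address does not match control connection peer"
    return True, (ip, port)


def accept_data_connection(control_peer_ip, data_peer_ip, allow_foreign=False):
    """Check (a): a peer connecting to a PASV listener must be the same host
    as the control connection, otherwise it is dropped immediately."""
    if allow_foreign:
        return True
    return ipaddress.ip_address(control_peer_ip) == ipaddress.ip_address(data_peer_ip)


if __name__ == "__main__":
    # Constructed sample: control session from 192.168.1.10, a PASV data
    # connection from a different host, and a PORT pointing elsewhere.
    control = "192.168.1.10"
    print("foreign PASV peer accepted:", accept_data_connection(control, "203.0.113.7"))
    print("matching PASV peer accepted:", accept_data_connection(control, control))
    print("foreign PORT accepted:", accept_port_command(control, "PORT 10,0,0,5,0,80"))
    print("own-host PORT accepted:", accept_port_command(control, "PORT 192,168,1,10,4,1"))
```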