On Wed, May 08, 2002 at 06:32:13PM +0200, Lukasz Wojcik wrote:
> Here I will answer Adrian:
> Basically, nothing special needs to be configured on the FTP servers to set up
> an FXP connection.

Not true. http://proftpd.linux.co.uk/docs/faq/proftpdfaq-3.html#ss3.6
This option is disabled by default in ProFTPD, because...

> As far as security is concerned, the problems are the same as with
> direct client->server connections.

Not true.

Normally, proftpd disallows clients from using the ftp PORT command with anything other than their own address (the source address of the ftp control connection), as well as preventing the use of PORT to specify a low-numbered (< 1024) port. In either case, the client is sent an "Invalid port" error and a message is syslog'd indicating either "address mismatch" or "bounce attack".

By enabling this directive, proftpd will allow clients to transmit foreign data connection addresses that do not match the client's address. This allows such tricks as permitting a client to transfer a file between two FTP servers without involving itself in the actual data connection. Generally it's considered a bad idea, security-wise, to permit this sort of thing.

AllowForeignAddress only affects data connection addresses; not tcp ports. There is no way (and no valid reason) to allow a client to use a low-numbered port in its PORT command.

Wanted
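The PORT check described in the quoted ProFTPD documentation, sketched as an added example (not part of the original message and not ProFTPD's own code). The function and parameter names, the order of the two checks, and the sample addresses are assumptions; the reason strings are the ones the documentation says are logged.

```python
import ipaddress

def check_port_arg(arg, control_peer, allow_foreign_address=False):
    """Validate a PORT argument 'h1,h2,h3,h4,p1,p2' against the control peer.

    Returns (accepted, reason). Checking the port before the address is an
    assumption of this example, not something the documentation states.
    """
    parts = [p.strip() for p in arg.split(",")]
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        return (False, "syntax error")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        return (False, "syntax error")
    target = ipaddress.IPv4Address(bytes(nums[:4]))
    port = nums[4] * 256 + nums[5]
    # Low-numbered ports are refused no matter how AllowForeignAddress is set.
    if port < 1024:
        return (False, "bounce attack")
    # A foreign data address is accepted only when the directive is enabled.
    if target != ipaddress.IPv4Address(control_peer) and not allow_foreign_address:
        return (False, "address mismatch")
    return (True, "ok")

# Constructed sample input: control connection from 192.0.2.10.
CONTROL_PEER = "192.0.2.10"
SAMPLES = [
    "192,0,2,10,19,137",    # own address, port 5001
    "198,51,100,7,19,137",  # foreign address (FXP-style), port 5001
    "192,0,2,10,0,21",      # own address, port 21
    "198,51,100,7,0,25",    # foreign address, port 25
    "192,0,2,10,19",        # malformed: only five fields
]

def run_samples(allow_foreign_address):
    """Evaluate every constructed sample under one directive setting."""
    return [check_port_arg(a, CONTROL_PEER, allow_foreign_address) for a in SAMPLES]

if __name__ == "__main__":
    for flag in (False, True):
        print("AllowForeignAddress", "on" if flag else "off")
        for arg, result in zip(SAMPLES, run_samples(flag)):
            print("  PORT", arg, "->", result)
```

With the directive off, only the first sample is accepted; turning it on additionally accepts the second one, while both low-port samples are still refused.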

