[
https://issues.apache.org/jira/browse/FTPSERVER-240?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12656710#action_12656710
]
Niklas Gustavsson commented on FTPSERVER-240:
---------------------------------------------
We do not currently have a load testing rig in place.
As far as I can see, you can always have an attacker steal a data connection
(snooping for PASV responses or just trying). We do have an IP check in place
to limit this type of attacks for active connections, maybe we should do the
same for passive?
> Multiple Simultaneous Connections On Passive Data Ports
> --------------------------------------------------------
>
> Key: FTPSERVER-240
> URL: https://issues.apache.org/jira/browse/FTPSERVER-240
> Project: FtpServer
> Issue Type: Improvement
> Affects Versions: 1.0.0-M4
> Reporter: Jörg Schubert
> Fix For: WISHLIST
>
> Attachments: patch_ServerSocket.txt
>
> Original Estimate: 5h
> Remaining Estimate: 5h
>
> Hello,
> the current Implementation limits the maximum number of simultaneous
> connections to the number of activated data ports in passive mode. This is
> not really enterprise grade!
> I'm not sure if the ftp-spec allows this, but it works.
> I have a working patch against 1.0.0-M4 (tested with filezilla), but
> unfortunaltely I can't attach it here.
> Should I send it to the mailing list?
> With best Regards,
> Jörg Schubert
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
