Preventing exploitation of your FTP server

Your FTP server can be used by a client for disruptive purposes. A client can use your server to send random data to other servers, or a client can request that your server be the passive server in a three-way transfer.

Any FTP client that is in PROXY mode with your FTP server can establish a data connection to any server that is listening on a port. This situation could be very disruptive to that server, because the client could then send a very large amount of unexpected data to it. A malicious FTP client can also attack or disrupt another server from a normal client-to-server session by making your FTP server send a large amount of data to an application server that is listening on a specific port. Because the client itself is not sending the disruptive data, it is difficult to identify the client that is causing the problem. Use the PORTCOMMAND, PORTCOMMANDPORT and PORTCOMMANDIPADDR statements in FTP.DATA to prevent your server from being used in this way.

Table 1. PORTCOMMAND scenarios

| When you want your server to... | Code the following statements in the server's FTP.DATA | Comments |
|---|---|---|
| Reject all PORT or EPRT commands | PORTCOMMAND REJECT | If you disable the PORT or EPRT commands, then you prevent your server from being used to send random data to other servers. However, your server loses some ability to transfer data in PROXY mode. If a client sends a PORT or EPRT command to your server to set up a proxy transfer, your server will reject the command and the proxy transfer will fail. If your client is not firewall friendly, and it does not implement the default port number and IP address for data transfer, that client cannot transfer files to and from your server. |
| Reject all PORT or EPRT commands that specify well-known ports (port numbers less than 1024) | PORTCOMMANDPORT NOLOWPORTS | When you specify this combination, your server cannot be used to send random data to servers listening on well-known ports. However, a rogue client can use your server to send random data to servers listening on other ports. The server still supports data transfer in PROXY mode. |
| Reject all PORT or EPRT commands that specify an IP address other than the client's own IP address | PORTCOMMANDIPADDR NOREDIRECT | When you specify this combination, a client can request data transfer in PROXY mode only between your server and a server on its own IP address. Transfers between client and server are not affected. |
| Reject all PORT or EPRT commands that specify an IP address other than the client's own IP address or port numbers that are well known | PORTCOMMANDPORT NOLOWPORTS and PORTCOMMANDIPADDR NOREDIRECT | When you specify this combination, a client can request data transfer in PROXY mode only between your server and a server that is on its own IP address; the port numbers cannot be well known. The client cannot use PROXY mode to send random data to a server that is on its own IP address and listening on a well-known port. |

Your FTP server can also be used as a passive server in a three-way transfer. When a client sends a PASV or EPSV command to the server, the server opens a listening data socket. This socket is similar to the listening socket associated with the well-known port, in the sense that any application that knows its IP address and port number can connect to it (not just the client that sent the PASV or EPSV command). The client can exploit this situation to initiate a three-way data transfer, which is a data transfer between two servers. The client sends PASV to one server followed by PORT to the other. The client sets the PORT command IP address and port number to the information it gets from the PASV reply, and the second server connects to the IP address and port number specified in the PORT command, connecting the two servers. The next data transfer command causes data to move directly between the two servers. The client can also use the EPSV and EPRT commands to set up the three-way data transfer.

Three-way transfers are supported functions in the FTP protocol, but you might not want to allow your server to participate in three-way transfers. To prevent your server from being the passive server (the server that receives the PASV or EPSV command) in a three-way data transfer, code PASSIVEDATACONN NOREDIRECT in the server's FTP.DATA file. This directs the server to verify that the data connection comes from the IP address where the original FTP client is (the client that sent the PASV or EPSV command). If that is not where the data connection originates, the server closes the data socket and the next data transfer command fails.

To completely disallow the use of your FTP server in three-way transfers, code the PASSIVEDATACONN statement as described in the preceding paragraph, and the PORTCOMMANDIPADDR NOREDIRECT statement or PORTCOMMAND REJECT statement described in Table 1.
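The following Python is an added illustration of the checks described in Table 1 and in the PASSIVEDATACONN paragraph; it is not IBM's code and not part of the original page. It models how a server evaluates a PORT or EPRT argument against PORTCOMMAND, PORTCOMMANDPORT and PORTCOMMANDIPADDR, and how it checks the peer of a passive data connection against PASSIVEDATACONN. All function and class names are this example's own; the permissive keyword values ACCEPT and UNRESTRICTED are the defaults from the FTP.DATA reference and do not appear on this page, and the client and target addresses are constructed documentation addresses.

```python
"""Model of the FTP.DATA anti-relay checks (added illustration, not IBM code)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ServerPolicy:
    """Subset of FTP.DATA. ACCEPT and UNRESTRICTED are the permissive defaults
    (taken from the FTP.DATA reference, not from this page)."""
    portcommand: str = "ACCEPT"              # ACCEPT | REJECT
    portcommandport: str = "UNRESTRICTED"    # UNRESTRICTED | NOLOWPORTS
    portcommandipaddr: str = "UNRESTRICTED"  # UNRESTRICTED | NOREDIRECT
    passivedataconn: str = "UNRESTRICTED"    # UNRESTRICTED | NOREDIRECT


def parse_port_argument(arg: str):
    """PORT h1,h2,h3,h4,p1,p2 -> (IPv4Address, port); ValueError on bad syntax."""
    nums = [int(p) for p in arg.strip().split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError(f"malformed PORT argument {arg!r}")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def parse_eprt_argument(arg: str):
    """EPRT <d><proto><d><host><d><port><d> (RFC 2428) -> (ip, port)."""
    arg = arg.strip()
    if not arg:
        raise ValueError("empty EPRT argument")
    fields = arg.split(arg[0])  # first character is the delimiter
    if len(fields) != 5 or fields[0] or fields[4]:
        raise ValueError(f"malformed EPRT argument {arg!r}")
    proto, host, port = fields[1], ipaddress.ip_address(fields[2]), int(fields[3])
    if {"1": 4, "2": 6}.get(proto) != host.version:
        raise ValueError("EPRT protocol field does not match the address family")
    return host, port


def evaluate_port_command(policy: ServerPolicy, client_ip: str, command: str, arg: str):
    """Decide whether the server honours a PORT/EPRT from client_ip. Returns (accepted, reason)."""
    if policy.portcommand == "REJECT":
        return False, "PORTCOMMAND REJECT: PORT and EPRT are not accepted"
    try:
        parser = {"PORT": parse_port_argument, "EPRT": parse_eprt_argument}[command]
        host, port = parser(arg)
    except (KeyError, ValueError) as exc:
        return False, f"syntax error: {exc}"
    if policy.portcommandport == "NOLOWPORTS" and port < 1024:
        return False, f"PORTCOMMANDPORT NOLOWPORTS: {port} is a well-known port"
    if policy.portcommandipaddr == "NOREDIRECT" and host != ipaddress.ip_address(client_ip):
        return False, f"PORTCOMMANDIPADDR NOREDIRECT: {host} is not the client's own address"
    return True, f"data connection to {host} port {port} permitted"


def evaluate_passive_peer(policy: ServerPolicy, client_ip: str, data_peer_ip: str):
    """PASSIVEDATACONN check applied when a peer connects to the listening data socket."""
    if (policy.passivedataconn == "NOREDIRECT"
            and ipaddress.ip_address(data_peer_ip) != ipaddress.ip_address(client_ip)):
        return False, f"PASSIVEDATACONN NOREDIRECT: data connection from {data_peer_ip} closed"
    return True, f"data connection from {data_peer_ip} accepted"


# Constructed scenario: the control connection comes from 192.0.2.10 and the
# client points the data connection at its own host or at another host (198.51.100.7).
CLIENT = "192.0.2.10"
OTHER_HOST_LOW_PORT = "198,51,100,7,0,80"   # 198.51.100.7 port 80
OTHER_HOST_HIGH_PORT = "198,51,100,7,4,1"   # 198.51.100.7 port 1025
OWN_HOST_LOW_PORT = "192,0,2,10,0,80"       # client's own host, port 80
OWN_HOST_HIGH_PORT = "192,0,2,10,4,1"       # client's own host, port 1025


def table1_outcomes():
    """Run each Table 1 configuration over the four constructed PORT arguments."""
    rows = {
        "default": ServerPolicy(),
        "PORTCOMMAND REJECT": ServerPolicy(portcommand="REJECT"),
        "PORTCOMMANDPORT NOLOWPORTS": ServerPolicy(portcommandport="NOLOWPORTS"),
        "PORTCOMMANDIPADDR NOREDIRECT": ServerPolicy(portcommandipaddr="NOREDIRECT"),
        "both": ServerPolicy(portcommandport="NOLOWPORTS", portcommandipaddr="NOREDIRECT"),
    }
    args = [OTHER_HOST_LOW_PORT, OTHER_HOST_HIGH_PORT, OWN_HOST_LOW_PORT, OWN_HOST_HIGH_PORT]
    return {name: tuple(evaluate_port_command(p, CLIENT, "PORT", a)[0] for a in args)
            for name, p in rows.items()}


if __name__ == "__main__":
    for name, accepted in table1_outcomes().items():
        print(f"{name:30} {accepted}")
    print(evaluate_passive_peer(ServerPolicy(passivedataconn="NOREDIRECT"), CLIENT, "198.51.100.7"))
```

The tuple returned for each row is (other host/low port, other host/high port, own host/low port, own host/high port), so the "both" row accepts only the last case, which matches the last row of Table 1: PROXY transfers are still possible, but only to the client's own address and only on a non-well-known port.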