02-03-2012, 02:26 PM
FTP server bounce attack

The motive
==========
You are a user on foreign.fr, IP address F.F.F.F, and want to retrieve
cryptographic source code from crypto.com in the US. The FTP server at
crypto.com is set up to allow your connection, but deny access to the crypto
sources because your source IP address is that of a non-US site [as near as
their FTP server can determine from the DNS, that is]. In any case, you
cannot directly retrieve what you want from crypto.com's server.

The attack
==========
This assumes you have an FTP server that does passive mode. Open an FTP
connection to your own machine's real IP address [not localhost] and log in.
Change to a convenient directory that you have write access to, and then do:

Discussion
==========
There are several variants of this. Your PASV listener connection can be
opened on any machine that you have file write access to -- your own, another
connection to ufred.edu, or somewhere completely unrelated. In fact, it does
not even have to be an FTP server -- any utility that will listen on a known
TCP port and read raw data from it into a file will do. A passive-mode FTP
data connection is simply a convenient way to do this.
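
As an added example (not part of the original post): the bounce depends on the FTP server opening a data connection to whatever address and port a PORT command names, so a server can refuse any PORT target that is not the control connection's own peer or that points at a reserved port. The function names, reply texts and sample addresses below are assumptions constructed for illustration.

```python
import ipaddress

def parse_port_arg(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command (RFC 959)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("PORT argument must be six decimal fields")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range 0-255")
    host = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return host, nums[4] * 256 + nums[5]

def check_port_command(arg, control_peer):
    """Decide whether a server should honour a PORT command.

    control_peer is the source address of the session's control connection.
    Returns (allowed, reply); the reply texts are illustrative, not taken
    from any particular FTP daemon.
    """
    try:
        host, port = parse_port_arg(arg)
    except ValueError:
        return False, "501 Syntax error in PORT argument."
    # A data connection to any host other than the logged-in client is
    # what lets the server be used as a relay toward a third party.
    if host != ipaddress.IPv4Address(control_peer):
        return False, "504 PORT address must match the control connection."
    # Ports below 1024 are well-known services, never a client's listener.
    if port < 1024:
        return False, "504 PORT to a reserved port refused."
    return True, "200 PORT command successful."

if __name__ == "__main__":
    peer = "192.0.2.10"  # constructed sample: client on the control connection
    samples = [
        "192,0,2,10,195,80",    # client's own address, port 50000
        "198,51,100,7,195,80",  # third-party address
        "192,0,2,10,0,21",      # client's address, reserved port 21
        "192,0,2,10,999,1",     # malformed field
    ]
    for arg in samples:
        print(arg, "->", check_port_command(arg, peer))
```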