[File Transfer Protocol Advisory]========================================[fejed]


In writing this Advisory I'm assuming you are a little bit familiar with
the protocol itself. As standard, all ftp daemons are required to support
the "PORT" command.  This function of the protocol is used to set up the
data transfer ports between the user and the server.  The ftp protocol
includes support for files to be transferred to a third-party host, to a
terminal or printer that may not be able to make use of the file transfer
protocol directly.

So far I've explained how the PORT command is used properly to some effect.
If you wish to have a deeper insight into the File Transfer Protocol and
its syntax then please refer to RFC 959.

Now the problem arises where anyone has the ability to transfer files to a
third-party host. You may think there is nothing wrong with this at all,
yet you are wrong. Why? Easy: by issuing the PORT command I can send
files and directory listings to just about any remote server with a tcp
port open.  If we transfer large amounts of data across high speed
networks numerous times simultaneously we will be creating a Denial of
Service attack against any chosen host.  I'm not going to include the
exact syntax in this article for all you script kiddies out there.  There
are many possibilities that you could use in conjunction with this attack
to maximise its effect greatly; those I will not publish because they
would most likely go to misuse, even though anyone with half a clue about
how the file transfer protocol works would easily be able to see the
possible hazards.

I've thought of a fix so everyone doesn't have to engage in a flurry of
wasting money and time on clueless idiots that have degrees and what
not.. *shut up fejed*.

This fix should be included in the next update of the ftp RFC: users
connecting to the server side of the protocol should NOT be allowed to
issue the PORT command to direct transfer data to ports that are listed
in /etc/services or something similar, so that the potential denial of
service attack is avoided.  If you can't implement this fix effective
immediately then I suggest removing anonymous login so that your ftp
daemon is not used in conjunction with others to create a DDoS/DoS attack
against other hosts.
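
The check proposed above, sketched as server-side validation of the PORT
argument.  This is an added example, not code from the advisory or from any
ftp daemon; the function names, the embedded services excerpt and the choice
of reply codes 501/504 are assumptions made for illustration.

```python
# Added example: PORT argument check for an FTP server (not from the advisory).
import re

# Constructed excerpt in /etc/services format; a real daemon would read the file.
SERVICES_SAMPLE = """\
ftp             21/tcp
ssh             22/tcp                          # SSH Remote Login Protocol
smtp            25/tcp          mail
domain          53/udp
http            80/tcp          www
printer         515/tcp         spooler         # line printer spooler
"""

def load_tcp_service_ports(text):
    """Return the set of TCP ports named in /etc/services-style text."""
    ports = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comment, split columns
        if len(fields) >= 2 and fields[1].endswith("/tcp"):
            ports.add(int(fields[1].split("/")[0]))
    return ports

def parse_port_argument(arg):
    """Parse RFC 959 'h1,h2,h3,h4,p1,p2' into (ip, port); ValueError if malformed."""
    if not re.fullmatch(r"\d{1,3}(,\d{1,3}){5}", arg.strip()):
        raise ValueError("malformed PORT argument")
    nums = [int(n) for n in arg.strip().split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    # The port is sent as two bytes, high byte first.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_port_command(arg, denied_ports):
    """Return (allowed, reply) for a PORT argument, using FTP reply codes."""
    try:
        _ip, port = parse_port_argument(arg)
    except ValueError:
        return False, "501 Syntax error in parameters or arguments."
    if port in denied_ports:
        # Data connections to a listed service port are refused.
        return False, "504 Command not implemented for that parameter."
    return True, "200 Command okay."

if __name__ == "__main__":
    denied = load_tcp_service_ports(SERVICES_SAMPLE)
    for arg in ("192,0,2,10,0,25", "192,0,2,10,195,80", "192,0,2,10,1"):
        print(arg, "->", check_port_command(arg, denied))
```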