
6. FTP proxy

The FTP protocol has a special mode that is often called FTP proxy. In this mode a client program can tell one server to send a file and another server to receive it, without the file passing through the client computer. This ability can be used in attacks known as "bounce attacks".

By default Libra allows FTP proxy operations. Before creating an active data connection in response to a PORT command, the server calls the function CheckDataAddr(). This function can be found in chkport.c. It receives as arguments the address of the peer's control connection and the address of the desired data channel. The server will open the data channel to the desired address if this function returns a success return code. You can prohibit FTP proxy by providing an appropriate implementation of CheckDataAddr().

We didn't implement this feature as a command-line option because people normally need only one behavior: the one that matches their security policy.
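One possible restrictive implementation of CheckDataAddr() is sketched below as an added example; it is not Libra's own code. The signature, the 0 / -1 return codes and the check_pair() helper are assumptions, so adapt them to the prototype in chkport.c. Beyond refusing FTP proxy, it also refuses data connections to ports below 1024, a common extra defense against bounce attacks.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Assumed return codes; use whatever chkport.c defines as success/failure. */
#define DATA_ADDR_OK      0
#define DATA_ADDR_REJECT -1

/* Assumed signature: peer of the control connection, requested data address. */
int CheckDataAddr(const struct sockaddr_in *ctrl_peer,
                  const struct sockaddr_in *data_addr)
{
    if (ctrl_peer == NULL || data_addr == NULL)
        return DATA_ADDR_REJECT;
    if (ctrl_peer->sin_family != AF_INET || data_addr->sin_family != AF_INET)
        return DATA_ADDR_REJECT;
    /* No FTP proxy: the data channel must go to the control-connection host. */
    if (ctrl_peer->sin_addr.s_addr != data_addr->sin_addr.s_addr)
        return DATA_ADDR_REJECT;
    /* Extra check: never connect to a privileged (well-known service) port. */
    if (ntohs(data_addr->sin_port) < 1024)
        return DATA_ADDR_REJECT;
    return DATA_ADDR_OK;
}

/* Hypothetical helper: build both addresses from text and run the check. */
int check_pair(const char *ctrl_ip, unsigned short ctrl_port,
               const char *data_ip, unsigned short data_port)
{
    struct sockaddr_in ctrl, data;
    memset(&ctrl, 0, sizeof ctrl);
    memset(&data, 0, sizeof data);
    ctrl.sin_family = data.sin_family = AF_INET;
    ctrl.sin_port = htons(ctrl_port);
    data.sin_port = htons(data_port);
    if (inet_pton(AF_INET, ctrl_ip, &ctrl.sin_addr) != 1 ||
        inet_pton(AF_INET, data_ip, &data.sin_addr) != 1)
        return DATA_ADDR_REJECT;
    return CheckDataAddr(&ctrl, &data);
}

int main(void)
{
    /* Constructed sample addresses from the documentation ranges. */
    printf("same host, port 40000: %d\n", check_pair("192.0.2.10", 51000, "192.0.2.10", 40000));
    printf("other host (proxy):    %d\n", check_pair("192.0.2.10", 51000, "198.51.100.7", 40000));
    printf("same host, port 25:    %d\n", check_pair("192.0.2.10", 51000, "192.0.2.10", 25));
    return 0;
}
```

A site that must allow proxy transfers between a few trusted servers could replace the address comparison with a lookup in an allow-list instead of removing the check.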

