ftp bounce attack

alexey
alexey Posts: 188  Master Member
First Comment Friend Collector Fifth Anniversary
edited April 2021 in Security
Hi.
Problem with access to remote FTP. Add rule to access to ip of FTP. Have a error in log "NAT ftp bounce attack, victim is 127.0.0.1:52216, action DROP".  What is mean & what to do?
In source ip of local computer, in remote ip of ftp.

Accepted Solution

All Replies

  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Answer First Comment Third Anniversary
    Just curious that the log message will display on USG when your local PC which behind USG try to access FTP?
    The FTP bounce attack is an exploit of the FTP protocol. Here is more detail.
    http://www.securityfocus.com/advisories/174

  • alexey
    alexey Posts: 188  Master Member
    First Comment Friend Collector Fifth Anniversary
    Yes, the error display, when local user try to connect remote ftp. And the connection does not occur.
    I did this rule for all lan ip, and part of PC connect, other part falls with subject error.