ftp bounce attack

alexey
alexey Posts: 188  Master Member
First Anniversary 10 Comments Friend Collector
edited April 2021 in Security
Hi.
Problem with access to remote FTP. Add rule to access to ip of FTP. Have a error in log "NAT ftp bounce attack, victim is 127.0.0.1:52216, action DROP".  What is mean & what to do?
In source ip of local computer, in remote ip of ftp.

Accepted Solution

All Replies

  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Anniversary First Answer First Comment
    Just curious that the log message will display on USG when your local PC which behind USG try to access FTP?
    The FTP bounce attack is an exploit of the FTP protocol. Here is more detail.
    http://www.securityfocus.com/advisories/174

  • alexey
    alexey Posts: 188  Master Member
    First Anniversary 10 Comments Friend Collector
    Yes, the error display, when local user try to connect remote ftp. And the connection does not occur.
    I did this rule for all lan ip, and part of PC connect, other part falls with subject error.

Security Highlight