FTP Bounce attack

Unanswered Question
Jan 17th, 2008

Dear sir,

How can I open FXP (server-to-server FTP) through the Cisco firewall?

I think it is disabled by default because of the risk of an FTP Bounce attack.


irisrios Wed, 01/23/2008 - 09:58

Make sure TCP/UDP port 286, used by FXP, is allowed to pass through the firewall. Make sure both FTP servers support FXP and have it enabled. Consult with the server admin, since most FTP servers do not support FXP or have FXP disabled due to potential security risks.

justanas1 Thu, 01/24/2008 - 03:55

Dear irisrios,

Thank you for the response.

I checked with the server admin, and we found that the servers support FXP and FXP is enabled.

For a test, I opened all TCP ports between the two servers.

When I disable FTP inspection on the firewalls, FXP works well with no problems.

But now I cannot close all the TCP ports, because FTP inspection is disabled.

So I need a mechanism to enable FTP inspection while stopping it from inspecting the FTP PORT command.
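
Why FXP and a bounce attack are indistinguishable to a PORT check, as an added example that is not part of the original thread: a simplified model of bounce protection, which is an assumption for illustration and not Cisco's implementation. The function names and the documentation-range addresses are constructed.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): four address octets, two port octets.
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def check_port(line, control_peer):
    """Classify a PORT command seen on a control connection from control_peer."""
    parsed = parse_port(line)
    if parsed is None:
        return "malformed"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(control_peer):
        # Data connection aimed at a third host: FXP and bounce look identical here.
        return "third-party"
    if port < 1024:
        # RFC 2577 advises refusing data connections to well-known ports.
        return "reserved-port"
    return "ok"


# Constructed sample: client 192.0.2.10 talks to server A; 198.51.100.20 is server B.
SAMPLES = [
    ("PORT 192,0,2,10,195,80", "192.0.2.10"),     # normal active-mode transfer
    ("PORT 198,51,100,20,195,80", "192.0.2.10"),  # FXP: address of server B
    ("PORT 192,0,2,10,0,25", "192.0.2.10"),       # own address, port 25
    ("PORT 192,0,2,10,1,2,3", "192.0.2.10"),      # too many fields
]

if __name__ == "__main__":
    for cmd, peer in SAMPLES:
        print(f"{cmd:32} from {peer:12} -> {check_port(cmd, peer)}")
```

The second sample is the FXP case: the PORT argument names server B rather than the client that owns the control connection, which is the same mismatch a bounce attempt produces.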


