
FTP Bounce attack

justanas1
Level 1

Dear sir,

How can I open FXP (server-to-server FTP) through the Cisco firewall?

I think it is disabled by default because of the risk of an FTP bounce attack.

Thanks

2 Replies

irisrios
Level 6

Make sure the TCP/UDP port 286, used by FXP, is allowed to pass through the firewall. Make sure both FTP servers support FXP and have it enabled. Consult with the server admin, since most FTP servers do not support FXP or have FXP disabled due to potential security risks.

Dear irisrios,

Thank you for the response.

I checked with the server admin, and we found that the servers support FXP and that FXP is enabled.

For testing, I opened all TCP ports between the two servers.

When I disable FTP inspection on the firewalls, FXP works well with no problems.

But now I cannot close all the TCP ports, because FTP inspection is disabled.

So I need a mechanism to enable FTP inspection while stopping it from inspecting the FTP PORT command.

Thanks
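
An added example, not part of the thread and not Cisco's inspection code: FTP bounce protection, as recommended in RFC 2577, compares the address in the `PORT` argument with the control connection's client and refuses low data ports, which is the comparison an FXP transfer fails. The Python below applies that check with an allowlist for the two FXP servers; the addresses, `FXP_PEERS` and the function names are assumptions made for illustration.

```python
import ipaddress

# Hypothetical policy: the two servers permitted to exchange data via FXP
# (constructed documentation addresses, not taken from the thread).
FXP_PEERS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.20")}

def parse_port_arg(arg):
    """Parse 'h1,h2,h3,h4,p1,p2' from an FTP PORT command (RFC 959)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts
    ):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    host = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def check_port_command(line, control_peer, fxp_peers=FXP_PEERS):
    """Return (allowed, reason) for one line seen on the FTP control channel."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return True, "not a PORT command"
    try:
        host, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, str(exc)
    # RFC 2577: refuse data connections to well-known service ports.
    if port < 1024:
        return False, "data port below 1024"
    if host == ipaddress.ip_address(control_peer):
        return True, "data address matches control peer"
    # FXP names a third host by design; allow only the agreed server pair.
    if host in fxp_peers:
        return True, "third-party address is an allowed FXP peer"
    return False, "third-party address (bounce pattern)"

if __name__ == "__main__":
    client = "198.51.100.7"  # constructed control-connection source
    samples = [              # constructed control-channel lines
        "PORT 198,51,100,7,195,80",
        "PORT 192,0,2,20,195,80",
        "PORT 203,0,113,5,195,80",
        "PORT 203,0,113,5,0,25",
    ]
    for s in samples:
        print(s, "->", check_port_command(s, client))
```
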