Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

FTP Bounce attack

Dear sir

how i can open FXP (server to server FTP) through the Cisco Firewall.

where i think it disabled be default for the risk of FTP Bounce attack.

Thanks

2 REPLIES
Silver

Re: FTP Bounce attack

Make sure the TCP / UDP port 286 , used by FXP is allowed on the firewall to pass through. Make sure both FTP servers must support FXP and have it enabled. Consult with the server admin since most FTP servers do not support FXP, or have FXP disabled due to potential security risks.

New Member

Re: FTP Bounce attack

Dear irisrios

thank u for response,

i checked with the server admin, and we found that the servers support FXP, and FXP is enabled.

i oppened for test all tcp ports between the two servers.

when i disable the ftp inspection from the firewalls, the FXP work good with no problems.

but now i can not close all tcp ports, becouse ftp inspection is disabled.

so i need a mechanism to enable ftp inspection, and disable it from inspecting ftp PORT command

Thanks

235
Views
0
Helpful
2
Replies
CreatePlease to create content