[File Transfer Protocol Advisory]========================================[fejed]

In writing this Advisory I'm assuming you are a little bit familiar with the protocol itself. As standard, all ftp daemons are forced to include use of the "PORT" command. This function of the protocol is used to set up the data transfer ports between the user and the server. The ftp protocol includes support for files to be transferred to a third-party host, such as a terminal or printer that may not be able to make use of the file transfer protocol directly. So far I've explained how the PORT command is used properly to some effect. If you wish to have a deeper insight into the File Transfer Protocol and its syntax then please refer to rfc 959.

Now the problem arises where anyone has the ability to transfer files to a third-party host. You may think there is nothing wrong with this at all. Yet you are wrong, why? Well easy, by issuing the PORT command I can send files and directory listings to just about any remote server with a tcp port open. If we transfer large amounts of data across high speed networks numerous times simultaneously we will be creating a Denial of Service attack against any chosen host.

I'm not going to include the exact syntax in this article for all you script kiddies out there. There are many possibilities out there that you could use in conjunction with this attack to maximise its effect greatly; those I will not publish because it most likely will go to misuse, even though anyone with half a clue about how the file transfer protocol works would be able to easily see the hazards possible.

I've thought of a fix so everyone doesn't have to engage in a flurry of wasting money and time on clueless idiots that have degrees and what not.. *shut up fejed*.
This fix should be included in the next update of the ftp rfc: users connecting to the service side of the protocol should NOT be allowed to issue the PORT command to set up the data transfer to be sent to ports that are listed in /etc/services or something similar, to avoid the potential denial of service attack happening. If you can't implement this fix effective immediately then I suggest removing anonymous login so that your ftp daemon is not used in conjunction with others to create a DDoS/DoS attack against other hosts.
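
One way a daemon could apply the fix proposed above, written as an added example (it is not code from this advisory or from any ftp daemon). It decodes the RFC 959 PORT argument and refuses targets listed in /etc/services; it also goes one step beyond the advisory by refusing addresses other than the control connection peer. The function names, the sample services text and the reply wording are assumptions made for illustration.

```python
import re

# Constructed sample in /etc/services format (embedded so the example runs
# offline; a daemon would read the real file at start-up instead).
SAMPLE_SERVICES = """\
# service-name  port/protocol  [aliases]
ftp-data        20/tcp
ftp             21/tcp
smtp            25/tcp          mail
domain          53/udp
http            80/tcp          www
"""

def load_tcp_service_ports(text):
    """Return the set of TCP ports named in /etc/services-style text."""
    ports = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(fields) >= 2 and fields[1].endswith("/tcp"):
            number = fields[1][:-4]
            if number.isdigit():
                ports.add(int(number))
    return ports

PORT_ARG = re.compile(r"[0-9]{1,3}(?:,[0-9]{1,3}){5}")

def parse_port_argument(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port); None if malformed."""
    arg = arg.strip()
    if not PORT_ARG.fullmatch(arg):
        return None
    nums = [int(n) for n in arg.split(",")]
    if any(n > 255 for n in nums):               # each field is one octet
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_port_command(arg, client_ip, service_ports):
    """Return the reply line the daemon would send for 'PORT <arg>'."""
    target = parse_port_argument(arg)
    if target is None:
        return "501 Syntax error in parameters or arguments."
    ip, port = target
    if port in service_ports:                    # the advisory's rule
        return "504 PORT refused: port is a registered service."
    if ip != client_ip:                          # extra check, not in the advisory
        return "504 PORT refused: address is not the control connection peer."
    return "200 PORT command successful."
```

The check belongs in the PORT handler itself, before the daemon opens any data connection, so a refused target is never dialled.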