[FTPSERVER-323] Add a new configuration option for enabling/disabling IP check when accepting passive data connections - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.0.2
Fix Version/s: 1.1.0
Component/s: Core
Labels:
None

Description

In the current version it is possible for a hacker to connect to any passive port that is currently waiting for a connection and read/write data off that connection. We should implement a check in place to make sure the IP address of the remote host is same as the one we are expecting, if not, close the data connection right way. After closing the data connection we can do one of the following:

1. Wait for incoming connection again so the original client can connect
2. just quit and send a reply back to the client that the data connection is closed. We need to figure out what reply we want to send in this case.

What do you guys think we should do?

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

FTPSERVER-323.patch
24/Aug/09 12:57
12 kB
Sai Pullabhotla

Activity

People

Assignee:: Unassigned

Reporter:: Sai Pullabhotla

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 12/Aug/09 17:53

Updated:: 29/Mar/10 13:53

Resolved:: 07/Sep/09 17:30