id: 10793
summary: FTP server is vulnerable to an FTP server bounce attack
reporter: JuergenHamel
owner:
description:

The FTP server accepts the PORT command and produces the following output "200 Port command successful" although the server does not execute the command. Command output should not be produced in that case.

This is a Nessus finding.

Nessus description:

Port: ftp (21/tcp)
Issue name: FTP Privileged Port Bounce Scan
Synopsis: The remote FTP server is vulnerable to a FTP server bounce attack.
Description: It is possible to force the remote FTP server to connect to third parties using the PORT command. The problem allows intruders to use your network resources to scan other hosts, making them think the attack comes from your network.
Solution: See the CERT advisory in the references for solutions and workarounds.
Plugin Output: The following command, telling the server to connect to 169.254.176.115 on port 10794:

PORT 169,254,176,115,42,42

produced the following output:

200 Port command successful

Nessus Plugin ID: 10081
VulnDB ID: 215

type: Bug report
status: closed
priority: normal
component: FileZilla Server
resolution: rejected
keywords: Port Bounce Scan
cc:
component_version: 0.9.56 beta
os: Windows
os_version: Windows Server 2012
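
One way a server can validate a PORT argument so that the reply it sends always matches what it will do with the data connection, as an added example (not FileZilla Server's code and not part of the ticket). The function names, the 192.0.2.10 client address and the choice of 501/504 reply codes are assumptions of this example.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port); ValueError if malformed."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() and len(p) <= 3 for p in parts):
        raise ValueError("expected six decimal fields")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    host = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return host, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2

def handle_port(arg, control_peer, min_port=1024):
    """Return (reply_line, data_target).

    data_target is None whenever the command is refused, so a 200 reply is
    only ever sent together with a stored target: reply and behaviour agree.
    """
    try:
        host, port = parse_port_arg(arg)
    except ValueError:
        return "501 Syntax error in PORT argument", None
    # Bounce protection: only connect back to the host that owns the control connection.
    if host != ipaddress.IPv4Address(control_peer):
        return "504 PORT refused: address is not the control connection peer", None
    # Privileged ports are never a legitimate client data port.
    if port < min_port:
        return "504 PORT refused: privileged port", None
    return "200 Port command successful", (str(host), port)

if __name__ == "__main__":
    peer = "192.0.2.10"  # constructed control-connection client address
    samples = [
        "169,254,176,115,42,42",  # the argument quoted in the Nessus plugin output
        "192,0,2,10,195,80",      # constructed: same host, port 50000
        "192,0,2,10,0,21",        # constructed: same host, privileged port
        "1,2,3",                  # constructed: malformed
    ]
    for s in samples:
        print(f"PORT {s:24} -> {handle_port(s, peer)}")
```
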