FTP Security

Question: Does limiting ftp connections to your site to specicif IP's offer much security. I have configured my firewall to allow ftp connections to a single IP and yet port 21 is still picked up by a scan as being opened. My contention is, that if port 21 is open, it is still susceptible to vulnerabilities of that inherant with FTP. Is this a correct assumption?

Thanks
jstansleyAsked:
Who is Participating?
 
gidds99Connect With a Mentor Commented:
It offers pretty good security as limiting the connections to a single IP means that you are limiting the attack surface if there are vulrabilities in the FTP server software they are not exposed as it will not allow an FTP connection to be esablished from other IP's.

Other Experts mention IP spoofing which is easy for a determined attacker with tools which are freely available on the web.  The crucial question to ask in my opinion when considering the risks in this type of setup is, how likely is it an attacker will know the IP in the first place so he is in a position to spoof it?  Any danger from IP spoofing is very limited as I see it.

Hope this helps.
0
 
jstansleyAuthor Commented:
Thanks....so you are saying that despite the fact that port 21 is listed as open on a port scan.....an attacker cannot launch an attack unless he knows the specific IP for which the server is configured to accept connections?
0
 
magus123Commented:
their are scans happening every day everywhere , they are automated and they look for anything open
i remeber getting infected with a virus with in seconds going on the internet.

keep in mind these

1.nat dsl router / port forwarding for ftp  / mac cloning
2. firewall at the os  " configure it to disabl icmp " ping attacks
3. ant virus at the os
4. http://www.blackviper.com/  " services ethir listening or not need , consider removing
5.  netstat , check your open prots
6. www.dslreports.com check their forum and recommended sites to  use certain sites
that do port scans on your computer and recommend what to block or shutdown
7.  do level of ftp software and access versus user or anoyumus
8. a dedicated hardware firewall
9.logging , check who or what intrusion if any
10. peer guardian from methlabs , check out their program and the blocklist you can dowload
for known bad intrusions , works at the os level , also consider protowall.

that all i can remember for know
0
 
gidds99Commented:
What I am saying is that I beleive that although port 21 is open the FTP software wont allow an FTP connection to be made unless it originates from that specific IP.  Therefore as no FTP connection can be completed it is not possible for an attacker to try and exploit any holes which may exist in the FTP server software as many holes will be exploited by an attacker sending corrupt data over a completed connection in order to exploit vulnrabilities in the FTP server software.  By confining to connections to a single IP you are preventing connections from being accepted from other IP's.

Hope this helps.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.