?
Solved

Sonicwall TZ-180 FTP issue - FTP: Port Bounce Attack Dropped

Posted on 2010-01-04
2
Medium Priority
?
2,015 Views
Last Modified: 2013-12-02
I have a sonicwall TZ-180. I have an application that is trying to establish a passive FTP connection, but Intrusion Protection on the sonicwall is dropping the connection with a log event that looks like this:

FTP: Port Bounce Attack Dropped

I have found some posts for older sonicwall devices that tells you how to go in and tell the sonicwall how to ignore this alert, but I cannot find anything on the sonicwall enhanced OS which is on my TZ-180. I have looked in the intrusion prevention section of my sonicwall but cannot find this particular event so I can disable it. Any help would be greatly appreciated!

0
Comment
Question by:jkwasson
2 Comments
 
LVL 3

Expert Comment

by:jlwcci
ID: 26196085
In your IP configuration are you blocking low priority attacks? What other security services do you use?
0
 
LVL 5

Accepted Solution

by:
jkwasson earned 0 total points
ID: 26200634
thanks for your help, but I figured this one out. My program is  a VB6 program and I was attempting to use the INET control which does not expressly allow for a PASV FTP connection. I switched the app to use API calls from wininet.dll, which allows you to explicitly set PASV FTP mode and as soon as I did that I had no issues getting through the firewall. I believe the INET control issues a PORT command, which got blocked by the firewall, wininet.dll does not do that in PASV mode
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month14 days, 14 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question