FTP-NAT - A security issue for many routers
What's the problem?
Many small businesses and lots of home users employ so called NAT-routers to allow for multiple computers accessing the internet at the same time over the same connection.These routers are usually advertised as "firewalls" or "stateful packet filters" as well as they block inbound connections (from the internet to local machines) due to the very design of NAT.
However most of these devices contain a functionality that allows
to support the so called "active FTP"-protocol.
Combined with client side programming languages like Java or Flash, this
makes it possible to bypass the firewalling functionality of these
products.
Florian Weimer's original article takes a closer look on that problem. Alternatively, you can have a look at our simplified technical documentation of the problem that contains more background information without going into details.
