Andreas Beck

Security - FTP-NAT-Test


FTP-NAT - A security issue for many routers

What's the problem?

Many small businesses and lots of home users employ so called NAT-routers to allow for multiple computers accessing the internet at the same time over the same connection.
These routers are usually advertised as "firewalls" or "stateful packet filters" as well as they block inbound connections (from the internet to local machines) due to the very design of NAT.

However most of these devices contain a functionality that allows to support the so called "active FTP"-protocol.
Combined with client side programming languages like Java or Flash, this makes it possible to bypass the firewalling functionality of these products.

Florian Weimer's original article takes a closer look on that problem. Alternatively, you can have a look at our simplified technical documentation of the problem that contains more background information without going into details.


Web Design by Andreas Beck      mailto:webmaster-wwbdt-spam@bedatec.de
Ihr Internet Explorer ist veraltet und kann diese Seite nicht optimal darstellen.
Bitte verwenden Sie Windowsupdate um IE7 zu erhalten oder installieren Sie Mozilla