FTP bounce network scan

imagensecforcepost.png

Some time ago we were performing an internal penetration test an we identified a Canon iR C2880 printer within the IP range in the scope of testing. Printers is the kind of device that a penetration tester tend to dismiss as they don’t look very attractive from the attacker’s perspective.

It is a fact that printers are usually installed with all the settings by default. This includes having the default administration password (if any), default administrative interfaces enabled, default services running, default SNMP community string, etc.

It is interesting to note that some printers run an anonymous FTP server that users (and processes) can use to print documents. A user can upload a document to the FTP server running on the printer and it will be printed. Things get worse when you discover that the FTP server supports the PORT command.

The PORT command is sent by the FTP client to establish a secondary channel for data to travel over. This command can be abused by attacker to network scan other hosts on your network, as shown in the next diagram:

ftp-bounce.png

Why an attacker would want to do that? Well, there might be several reasons:

This is an example of how the sniffed network traffic would look during an FTP bounce scan:

FTP bounce attack network traffic.

The network traffic screenshot shows that the attacker is using the printer as a bounce host and the only traffic exchanged is FTP based.

As you can see, IT security and penetration testing is about identifying every issue in your infrastructure and exploiting the weakest link.

You may also be interested in...

imagensecforcepost.png
Oct. 29, 2019

Ajenti 2 Remote Code Execution (CVE-2018-1000082)

Doing code reviews and application tests is a normal part of life at SECFORCE, and as a part of my security research a few days ago I turned my attention towards the open-source project Ajenti, a server control panel similar to webmin.

See more
imagensecforcepost.png
Jan. 18, 2019

Your Voice Is My Password

In the current technological landscape, A.I. is playing a major role in trying to provide user-friendly and more secure bio-metrics authentication schemes including but not limited to Face and Voice authentication.

See more