Hi, I'm looking at securing our embedded ftp server from port bounce attacks (CA-1997-27) and following the advice at https://www.cert.org/historical/advisories/CA-1997-27.cfm? I have removed the anonymous user, but I want to configure the server to only allow the PORT command to connect back to the originating client.
Is there a setting for this or is this the default behaviour? Kind regards Simon