allow-incoming-ports-below-1024 NcFTPd file configuration
Don't forget to restart NcFTPd after modifying the file.

There is a minor flaw in the FTP protocol which allows connections to and from the remote clients to use any port number.  Unfortunately, on UNIX, port numbers below 1024 are reserved for super-user processes, and there is a way to trick an FTP server to connect to one of these ports. It is easy to just disallow all ports under 1024, but other operating systems such as MacOS use those for user processes.

If you are ultra-paranoid about security, you can disallow ports under 1024.  If compatibility with other operating systems is more important, or you're careful about having world-writeable directories, you can allow these ports. Usually, setting another option allow-outgoing-proxy-data-connection-ports-below-1024 to no is sufficient.


Previous: allow-downloads-if-quota-exceeded NcFTPd Home Next: allow-incoming-proxy-data-connections