comrade's bureau


comments?

ftpbnc - light-weight FTP control connection bouncer


Sections

  1. Overview
  2. Installation
    1. Compiling ftpbnc
    2. Configuring and Running ftpbnc
  3. Download
    1. Changelog
  4. Security
  5. References

Overview

ftpbnc is a light-weight FTP bouncer that proxies only the control connection. This is useful when you want to hide your IP address (not really) from the site you are connecting to, but keep the data transfers coming directly to you. That means ftpbnc will not rewrite the PORT/PASV commands that pass through the control connection. ftpbnc supports SSL - it can connect to SSL/TLS FTP sites (using AUTH TSL command), as well as listen for connections using SSL (as if it was stunnel'ed). ftpbnc can also set dynamic ident with the help of mdidentd.
ftpbnc should compile and run fine on UNIX systems. It was tested on Linux, BSD and Solaris. There is no IPv6 support.
ftpbnc is a single-threaded, single-process application coded in C. I followed this design because there are some users who run this on paid shell accounts, and these are limited in the number of background processes (meaning you shouldn't fork). I didn't think of pthreads at the time. In any case, ftpbnc handles multiple connections by continuously polling (every 250 msec) the state of each socket, and acting accordingly. I know this is bad, but back then I was scared of the select function, and what I wrote seemed to work well. CPU usage due to this kind of polling is not noticeable.
The project is closed and it is very unlikely I will be making any more updates to it. The last update was in 2003, so the project was dead a long time ago anyway. For other, more complete and up to date FTP bouncers, see the References section. A big thank you to all the patrons in the scene who used this software in the past.

Installation

The installation of the compiling the source files and creating a configuration file that tells ftpbnc what port to listen on, etc.

Compiling ftpbnc

To compile ftpbnc, simply run gunzip/untar the source package, and run the build script. Or, you can compile it manually by invoking:

gcc -c ftpbnc.c lib_mdidentd.c
gcc -o ftpbnc ftpbnc.o lib_mdidentd.o -lssl -lcrypto
This should produce a single executable named ftpbnc. For versions below 0.4, you can omit lib_mdidentd.

Configuring and Running ftpbnc

ftpbnc needs the following arguments run:

ftpbnc --ssl listenhost listenport username password
OR, using a configuration file:
ftpbnc ftpbnc.conf
The listenhost and listenport arguments specify the TCP IPv4 socket address ftpbnc should listen on. If the --ssl option is specified, then ftpbnc will only accept SSLed connections on that socket. This is useful if you want to stunnel your connection to the proxy (this is independent of SSL FTP servers though - ftpbnc handles them transparently whether or not you specified --ssl). The username and password arguments specify the proxy credentials required to access ftpbnc.

Alternatively, you can specify a configuration file that contains all these options. One advantage of using the configuration file is that you can protect your username/password from prying eyes (other users who execute ps on the shell). The configuration file can created in interactive fashion by running the makeconf script. Or, you can simply fill it manually using this template:
# ftpbnc 0.4 configuration file
lhost=12.34.45.56
lport=12345
localssl=1
username=bob
password=alice
Passwords, specified in command line or inside the configuration file, can be hashed using MD5 for extra security. Simply prefix the hash with md5: when specifying the password. For example, the following runs ftpbnc on socket 12.23.34.45:12345 with username bob and password alice:
ftpbnc 12.23.34.45 12345 bob md5:6384e2b2184bcbf58eccf10ca7a6563c
If you specify 0 for listenhost, the socket will be listening on all homes on the machine.

Download

ftpbnc-0.4.tar.gz (10 KB)

Older versions:
ftpbnc-0.31.tar.gz (5 KB)
ftpbnc-0.3.tar.gz (4 KB)
ftpbnc-0.21.tar.gz (3 KB)
ftpbnc-0.2.tar.gz (2 KB)
ftpbnc-0.1.tar.gz (2 KB)

The project is released under the BSD license.

Changelog

Fixes/Updates          30.11.2003 21:44 EST (version 0.4)
 * Fixed bug when TLS-enabled daemons had welcome message
   longer than one line.
 * Support for local SSL connections.
   Certificate and key are read from cert.pem and key.pem.
 * Support for dynamic idents via mdidentd.
   (Connections must be made to ident@host:port.)

                       09.02.2003 20:40 EST (version 0.31)
 * Support for configuration files, and password hashing.
 * Added configuration making utility script (makeconf).

                       09.02.2003 01:07 EST (version 0.3)
 * TLS support.
 * Sending buffers are  now  each  per session, should fix
   bug when not all data was sent (connection stuck).

                       09.11.2002 17:40 EST (version 0.21)
 * Ignores broken pipe signal (means works on SuSE now).
 * Fixed username/password protection.
 * More fault-tolerant.
 * Code restructuring.

                       09.11.2002 02:38 EST (version 0.2)
 * Connections are non-blocking now.
 * Support for username/password proxy protection.

Security

The code contains a number of buffer overflow and remote code execution vulnerabilities. However, the serious vulnerabilities are only exploitable once valid credentials have been entered. The vulnerabilities are:

  1. DoS by connecting more than MAX_SOCKETS times.
  2. Heap corruption by FTP server who sends a lot of data during TLS negotiation (e.g. long ASCII drawings).

I am not going to fix them because I simply don't care anymore. Please use other software, such as the ones mentioned in the section below.

References

Comments

[an error occurred while processing this directive]