COMMAND

    Passive connection support

SYSTEMS AFFECTED

    Win NT 3.5, 3.51, 4.0

PROBLEM

    The  FTP  service  allows  passive  connections  to be established
    based on the  port address given  by client. This  can enable some
    hackers to  use this  facility to  execute malicious  commands off
    the FTP service.

    The registry contains an entry in

        <System\CurrentControlSet\Services\MSFTPSVC\Parameters>

    where the value could be enabled for value <EnablePortAttack:

        REG_DWORD: >. Verify this value is '0', not '1'.

SOLUTION

    See above.