System allocates ports in a sequential or predictable order

Risk Level: Medium

Check or Attack Name: seqport

Platforms: Any

Description:

The machine is allocating TCP port numbers in a predictable or sequential order. An attacker who can guess the next port can spoof, intercept, and hijack your connection, issuing any series of commands as if they were coming from your machine. This type of attack circumvents FTP security.

This finding was generated by connecting to the remote machine's FTP server and issuing a number of PASV (passive mode) commands, requesting that the remote FTP server allocate the data channel port (in contrast to normal active mode operation, in which the FTP client allocates the data channel port). For each PASV command, the FTP server reports the allocated port number back to the client in its reply. Comparing the ports allocated across successive PASV commands makes it possible to check for a predictable allocation sequence.
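As an added illustration (not part of the original advisory), the following Python shows how the allocation pattern can be judged from a series of 227 PASV replies when auditing your own server. The replies are constructed samples, and the thresholds used to label a sequence "predictable" are assumptions.

```python
import re
from typing import List, Optional

# RFC 959 PASV reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_port(reply: str) -> Optional[int]:
    """Return the data-channel port from a 227 reply, or None if malformed."""
    m = PASV_RE.search(reply)
    if not m:
        return None
    p1, p2 = int(m.group(5)), int(m.group(6))
    if not (0 <= p1 <= 255 and 0 <= p2 <= 255):
        return None
    return p1 * 256 + p2  # port is sent as two base-256 digits


def classify_allocation(ports: List[int]) -> str:
    """Label a series of allocated ports 'sequential', 'predictable' or 'random'.
    Thresholds are assumptions for illustration, not a vendor definition."""
    if len(ports) < 3:
        raise ValueError("need at least three samples")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    if all(d == 1 for d in deltas):
        return "sequential"
    # a constant stride or consistently small steps still lets the next port be guessed
    if len(set(deltas)) == 1 or all(0 < d <= 16 for d in deltas):
        return "predictable"
    return "random"


def audit(replies: List[str]) -> str:
    """Parse every 227 reply in the session transcript and classify the sequence."""
    ports = [parse_pasv_port(r) for r in replies]
    if any(p is None for p in ports):
        raise ValueError("malformed 227 reply in transcript")
    return classify_allocation(ports)  # type: ignore[arg-type]


# Constructed sample transcripts: one from a sequential allocator, one from a randomizing one.
SEQUENTIAL_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,4,1)",
    "227 Entering Passive Mode (192,0,2,10,4,2)",
    "227 Entering Passive Mode (192,0,2,10,4,3)",
    "227 Entering Passive Mode (192,0,2,10,4,4)",
]
RANDOM_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,17)",
    "227 Entering Passive Mode (192,0,2,10,58,240)",
    "227 Entering Passive Mode (192,0,2,10,233,3)",
    "227 Entering Passive Mode (192,0,2,10,102,88)",
]

if __name__ == "__main__":
    print(audit(SEQUENTIAL_REPLIES))  # sequential
    print(audit(RANDOM_REPLIES))      # random
```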

Remedy:

Many operating systems do not have the option to change the port range or randomize the port assignment. Following are reports from different vendors addressing the problem:

Microsoft has claimed to have corrected this problem as of Windows NT SP4. See Knowledge Base article Q192292 for more information.

Some Linux, FreeBSD, and NetBSD operating systems allow you to select a port range, but do not randomize the port assignments.

Digital Unix 4.x and OpenBSD explicitly allow you to select a port range and randomize the port assignment.
