Tempest Security Technologies: Security flaw in Linux 2.4 IPTables using FTP PORT
Apr 20, 2001, 01:09
(Other stories by Cristiano Lincoln Mattos)
"If an attacker can establish an FTP connection passing through a Linux 2.4.x IPTables firewall with the state options allowing 'related' connections (almost 100% do), he can insert entries into the firewall's RELATED ruleset table allowing the FTP Server to connect to any host and port protected by the firewall's rules, including the firewall itself...."
"This is a security flaw which can be exploited when an attacker is in a position behind your firewall, i.e., 'protected'. For example, if your firewall protects an FTP Server and the attacker has compromised it by other means, he can use this to connect to other protected networks. Or, if your attacker is behind your firewall as a client and connects to an FTP server on the Internet, he can use it to allow this FTP server to connect to other protected networks."
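The quoted advisory describes RELATED entries being created from an FTP PORT command. The following is an added example, not part of the advisory and not the kernel's code: a user-space sketch of the check a connection-tracking helper can apply before creating such an entry. The names (`check_port_cmd`, `port_verdict`) and the policy (address must equal the control connection's source, port must be 1024 or higher) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum port_verdict { PORT_OK, PORT_MALFORMED, PORT_FOREIGN_ADDR, PORT_LOW_PORT };

/* Read 1-3 decimal digits with value 0..255; advance *p past them. */
static int parse_octet(const char **p, unsigned int *out)
{
    unsigned int val = 0;
    int digits = 0;
    for (; digits < 3 && **p >= '0' && **p <= '9'; digits++)
        val = val * 10 + (unsigned int)(*(*p)++ - '0');
    if (digits == 0 || val > 255)
        return -1;
    *out = val;
    return 0;
}

/* Validate "PORT h1,h2,h3,h4,p1,p2\r\n" seen on an FTP control channel.
 * client_ip is the source address of that connection (host byte order).
 * Only PORT_OK should lead to a RELATED expectation; anything that does
 * not parse strictly (including lowercase "port") fails closed. */
enum port_verdict check_port_cmd(const char *line, uint32_t client_ip,
                                 uint32_t *ip_out, uint16_t *port_out)
{
    unsigned int v[6];
    const char *p = line;
    int i;

    if (strncmp(p, "PORT ", 5) != 0)
        return PORT_MALFORMED;
    p += 5;
    for (i = 0; i < 6; i++)
        if ((i > 0 && *p++ != ',') || parse_octet(&p, &v[i]) != 0)
            return PORT_MALFORMED;
    if (strcmp(p, "\r\n") != 0)
        return PORT_MALFORMED;
    *ip_out = (v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3];
    *port_out = (uint16_t)((v[4] << 8) | v[5]);
    if (*ip_out != client_ip)
        return PORT_FOREIGN_ADDR; /* would open a path to a third host */
    if (*port_out < 1024)
        return PORT_LOW_PORT;     /* would expose a privileged service port */
    return PORT_OK;
}

int main(void)
{
    uint32_t ip; uint16_t port; /* constructed sample: client is 192.168.1.10 */
    printf("%d\n", check_port_cmd("PORT 10,0,0,5,0,22\r\n", 0xC0A8010Au, &ip, &port));
    return 0;
}
```

Rejected commands still fill `ip_out` and `port_out` once parsing succeeds, so the caller can log the address and port that were requested.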