What is FXP?
FXP is the short term for server-to-server-copy. This is something mentioned in RFC 959 and it can be seen as an FTP feature above other file transfer protocols. Although it is part of the FTP RFC it's disabled by default on most FTP servers. But since the FTP cluster relies on FXP for file replication you should know how to enable it.
Usually you take your FTP client connect to the server to up- or download files. In normal FTP you do this using the PORT command to allocate a second TCP/IP connection for the data transmission. Using the PORT command means that you (better: your client software) creates a listening server socket waiting for the FTP server to connect to send or receive the file in question. Just to make this clear: on data transmission client and server change their roles, the FTP server connects to the client.
But there is also the PASV FTP command introducing the "famous" passive mode. Most FTP clients use this as default data transfer mode because it's called "firewall friendly" and, really worse, some client rely on the server supporting passive mode transfers. Well, what is this "passive mode"? In the passive transfer mode the client sends the PASV command to the server which then allocates the listening socket. The client connects to this port and data transmission starts. Passive mode is basically the opposite (speaking in terms of "listening" and "connecting" to the active mode (using PORT) above: the client connects again to the server.
So far for your daily FTP server usage. But the FTP RFC also mentions a second scenario. You connect with your FTP client to two servers at the same time telling one to receive and the other to send the file. Then one of the servers connects to the other, data transmission starts and finally you have copied a file from server-A to server-B without copying it first to your computer. This is server-to-server-copy or FXP mode.
How does this work? The scheme is not really difficult. The FTP client sends first server-A the PASV command telling him to allocate a listening socket. When the client knows server-A's interface and port for the data socket this is send to server-B. The next thing is that server-B receives the RETR command and server-A the STOR. This way server-A will copy the file directly to server-B. That's all.
Now that we know that FXP is really cool, what is so bad about it that it's disabled in the average FTP server? This is a good question. In the FXP command scheme above server-B connects to server-A just because the client (running from computer-C) tells it to do so. The port on server-A should be a listening FTP data port, but what if it's not? Assume we tell server-B to connect on the HTTP port of server-D and server-B starts sending a 1GB file as HTTP request to server-D. server-B can never know (or be really sure) that it's not being abused for something that is known as "bounce attack". He will happily send the 1GB file thinking that it's really doing a perfect job.
Bounce attacks (and FXP too) can be prevented by doing an additional check in the FTP server. If the IP-number in the PORT command does not match the client's IP-number the PORT command is rejected. More information about bounce attacks can be found under
http://www.cert.org/advisories/CA-1997-27.html.
And what is now the solution to this? On one hand we have the useful FXP mode and on the other the possible bounce attack. My personal position is that as long as users log in to my FTP server using their account (not anonymous!) they can do whatever they want. Giving someone an account means always that this can be abused. But thank to server logfiles I can find out which user it was and what he did. For anonymous users I would never enable FXP, no way.
