allow-outgoing-ports-below-1024
There is a minor flaw in the FTP protocol which allows connections to and
from the
remote clients to use any port number. Unfortunately, on UNIX,
port numbers below
1024 are reserved for super-user processes, and there is a way to trick
an FTP server
to connect to one of these ports. It is easy to just disallow all ports
under 1024, but
other operating systems such as MacOS use those for user processes.
If you are ultra-paranoid about security, you can disallow ports under
1024. If
compatibility with other operating systems is more important, or you're
careful about
having world-writeable directories, you can allow these ports.
Examples:
allow-outgoing-ports-below-1024=yes
allow-outgoing-ports-below-1024=no
Recommendation:
allow-outgoing-ports-below-1024=yes
