The Dreaded FTP Vunerability Works by a client sending PORT commands on the FTP port PORT a,b,c,d,x,y a.b.c.d is the IP address x and y are the high and low byte of the destination port Affects the RELATED table for Stateful Inspection Creates a "connection expected" rule from server-side of the firewall to the host and port specified in the PORT command The "Server" has 10 seconds once the PORT command is issued to connect Most Netfilter configurations accept RELATED state packets.