pasvagg.pl: Did you actually try out what you write in that section?
Yup, it worked fine against netscape.com and a few other sites I tried.
Are you positive about the conclusions at the end of that stanza, as well as the workarounds that you suggest?
Actually the real point of the article was to point out what a POS the ftp protocol is security-wise. No matter what you do you got security issues.
Are you sure that it is a good idea to restrict the destination of the PORT connection or the origin of the PASV connection to the origin of the data connection?
proftpd does this I believe. As long as you don't have a multi-homed box sending/receiving the connections via different IPs it's mostly a non-issue (I can't see too many ftp servers doing this).
Roman.
1 more week, grinz =) -Kurt
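
The restriction discussed in the last question and answer, as an added example (not code from the original message and not proftpd's code): a server-side check that a PORT argument points back at the control connection's peer, and that an inbound PASV data connection comes from that same peer. Function names are hypothetical and the addresses are constructed documentation addresses; the last case shows the multi-homed client that the restriction turns away.

```python
import ipaddress


def parse_port_arg(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command (RFC 959)."""
    parts = [p.strip() for p in arg.split(",")]
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def port_target_allowed(arg, control_peer):
    """Active mode: allow only if the PORT host is the control connection's peer."""
    try:
        host, _port = parse_port_arg(arg)
    except ValueError:
        return False
    return host == ipaddress.IPv4Address(control_peer)


def pasv_peer_allowed(data_peer, control_peer):
    """Passive mode: allow only if the data connection comes from the control peer."""
    return ipaddress.IPv4Address(data_peer) == ipaddress.IPv4Address(control_peer)


if __name__ == "__main__":
    control_peer = "192.0.2.10"  # constructed: source address of the control connection
    cases = [
        ("PORT to self", port_target_allowed("192,0,2,10,19,137", control_peer)),
        ("PORT to third party", port_target_allowed("198,51,100,7,0,25", control_peer)),
        ("PASV from same host", pasv_peer_allowed("192.0.2.10", control_peer)),
        # Multi-homed client: data leaves via a different IP and is refused too.
        ("PASV from multi-homed", pasv_peer_allowed("192.0.2.11", control_peer)),
    ]
    for label, ok in cases:
        print(f"{label:24s} {'accept' if ok else 'reject'}")
```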