This is an old technique to perform port scanning in a stealthy way. The vulnerability lies in the PORT command used by FTP to transfer data in the ACTIVE mode.

Using this technique, an attacker can instruct the FTP server to open a connection to a particular port of a machine that might not be the originating client. Such a situation may allow an attacker to perform a port scan on a target by hiding his own identity. Nmap has an option –b to perform this type of scan. However, most of the FTP servers out there are aware about this attack and are configured accordingly to block such a scan and hence prevent ...