GEN:SID 1:508
Message MISC gopher proxy
Summary This event is generated when a Gopher server is used as a proxy to connect to an FTP server.
Impact This allows a user to assume the source IP of the Gopher server when connecting to an FTP server.
Detailed Information A Gopher server may support proxy connections to FTP servers.  This allows a user to assume the source IP of the Gopher server when connecting to an FTP server.  This may be used to bypass FTP access restrictions based on source IP's.  
Affected Systems Any Gopher server that supports proxy connections to FTP servers.
Attack Scenarios A user who is normally restricted access to an FTP server based on the originating IP may attempt to circumvent this by attempting access from a Gopher server that supports proxy connections to FTP servers.
Ease of Attack Simple.  
Corrective Action Disable the use of Gopher server.
Additional References Whitehats
www.whitehats.com/info/IDS409
Rule References arachnids: 409