[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FireWall-1 FTP Server Vulnerability

To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: FireWall-1 FTP Server Vulnerability
From: Emiliano Kargieman <core.lists.bugtraq@CORE-SDI.COM>
Date: Fri, 18 Feb 2000 19:19:05 -0300

Mikael Olsson wrote:

>
> The only solution that even begins to look "good" is to
> completely reassemble the TCP stream and not make "educated"
> guesses about what packet data belongs on what line and in
> which order and state of the FTP protocol.
>
> It doesn't have to be a "proxy" in order to do this, I think.
> You DO need to reassemble the stream completely though.
>

Of course, reassembling the TCP stream without proxing is bound to give you
some headaches too, remember "Insertion, Evasion and D.O.S"?

EK.
--
Emiliano Kargieman <ek@core-sdi.com>
Director de Investigacion - CoreLabs - Core-SDI S.A.
http://www.core-sdi.com

"At any rate, let us not loiter in the arena of hot events."
                                            Tom Robbins, ARA.



--- For a personal reply use emiliano_kargieman@core-sdi.com

Prev by Date: Re: DDOS Attack Mitigation
Next by Date: Re: perl-cgi hole in UltimateBB by Infopop Corp.
Prev by thread: Re: FireWall-1 FTP Server Vulnerability
Next by thread: Re: FireWall-1 FTP Server Vulnerability
Index(es):
- Date
- Thread