Re: CERT Advisory CA-97.27 - FTP_bounce

From: Alfred Huger (ahugerat_private)
Date: Fri Dec 12 1997 - 11:10:03 PST


    > For those of you wanting to test this problem have a look at
    > http://www.rootshell.com/hacking/ftpBounceAttack
    >
    
    The FTP bounce attack, as some people here have already noted, is quite
    old.
    
    A paper which has not been mentioned is one written by Hobbit which is
    available at ftp://ftp.avian.org/random/ftp-attack . Hobbit documented
    and wrote fixes for this problem quite some time ago. In fact, I believe
    this was the first paper really describing the problem and Hobbit may very
    well have been the one to discover it, although of this I am not sure.
    
    In any event, the paper is very succinct and goes a long way towards
    explaining the problem at length as well as showing how intruders etc. may
    use it.
    
    /****************************************************************************
    Alfred Huger                                    http://www.secnet.com/ballista
    Project Director                                ahugerat_private
    Secure Networks Inc. (SNI)
    *****************************************************************************/
    


