Hi my name is Karl C. Lherisson a network consultant at a securities firm. I am writing to inform you that I recently purchased Trend Micro's InterScan product for its ability to scan email for viruses and to prevent SPAM from being relayed of our SMTP server. I also decided to look into the FTP proxy feature that is included but I found a possible security hole in the product. When using InterScan version 3.0 as a stand alone proxy there is no way to limit who can have access to the FTP proxy. Unlike the SMTP portion, where one can specify valid source IP addresses that are able to relay mail, anyone on the Internet who knows the IP address of the InterScan FTP proxy can use it to log onto another network and basically hide their identity. So if I were a "hacker" and I wanted to launch an FTP attack on lets say COMPANY A, and I know there is a Trend Micro InterScan FTP Proxy server at COMPANY B, well I would login to COMPANY B proxy server and then connect to COMPANY A. What makes matters worse is that InterScan 3.0 does not keep a log of FTP connections (basically making the hacker anonymous), and the software will perform the job of checking the hacker's files for viruses. Additionally, if COMPANY A found out that they were infiltrated in some way, it would appear that it originated from COMPANY B. Fortunately, the FTP Proxy Server can be disabled but this kills 1/3 of the product functionality. - Karl C. Lherisson karlat_private Network Consultant
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:49:23 PDT