On Tue, 7 Dec 1999, Darren Reed wrote: > Who has more free file descriptors & network ports, you or the ftp server ? The attack you are describing is not new - this is just a PASV attack, which has been around for years. Hopefully, this problem is now solved. Most modern FTP servers will : - either issue an error when they are issued a second PASV command - either accept the new PASV command, but they will close the previously open socket, so the FTP server has only two fd's open at a time. If your FTP server server do not do this, use a real one. -- Renaud -- Renaud Deraison The Nessus Project - http://www.nessus.org
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:19:05 PDT