Re: FTP denial of service attack

From: Renaud Deraison (deraisonat_private)
Date: Tue Dec 07 1999 - 09:46:05 PST


    On Tue, 7 Dec 1999, Darren Reed wrote:
    
    > Who has more free file descriptors & network ports, you or the ftp server ?
    
    
    The attack you are describing is not new - this is just a PASV attack,
    which has been around for years.
    
    Hopefully, this problem is now solved.
    
    Most modern FTP servers will:
    
    	- either issue an error when they are issued a second
    	  PASV command
    
    	- or accept the new PASV command, but they will close
    	  the previously open socket, so the FTP server has only
    	  two fd's open at a time.
    
    If your FTP server does not do this, use a real one.
    
    
    				-- Renaud
    
    
    --
    Renaud Deraison
    The Nessus Project - http://www.nessus.org
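
The two server behaviours described in the message above, as an added example that is not part of the original post or of any particular FTP server's code. The `ControlSession` class, the `reject_repeat` flag, the `replay_pasv` helper and the choice of reply code 503 for the "issue an error" case are assumptions made for illustration.

```python
import socket

class ControlSession:
    """Per-connection state of a toy FTP control channel (hypothetical class)."""

    def __init__(self, bind_host="127.0.0.1", reject_repeat=False):
        self.bind_host = bind_host
        self.reject_repeat = reject_repeat
        self.pasv_listener = None  # invariant: at most one passive listener per session

    def handle_pasv(self):
        if self.pasv_listener is not None:
            if self.reject_repeat:
                # Behaviour 1: answer a second PASV with an error (503 is an assumed choice).
                return "503 PASV already issued."
            # Behaviour 2: close the previously opened socket before opening a new one,
            # so the session never holds more than control fd + one data listener.
            self.pasv_listener.close()
            self.pasv_listener = None
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.bind((self.bind_host, 0))  # kernel picks a free port
            s.listen(1)
        except OSError:
            s.close()  # do not leak the fd on failure
            return "425 Can't open data connection."
        self.pasv_listener = s
        host, port = s.getsockname()
        return "227 Entering Passive Mode (%s,%d,%d)." % (
            host.replace(".", ","), port >> 8, port & 0xFF)

    def close(self):
        if self.pasv_listener is not None:
            self.pasv_listener.close()
            self.pasv_listener = None

def replay_pasv(session, count):
    """Feed `count` PASV commands; return the replies and every listener ever opened."""
    replies, opened = [], []
    for _ in range(count):
        replies.append(session.handle_pasv())
        cur = session.pasv_listener
        if cur is not None and all(cur is not o for o in opened):
            opened.append(cur)
    return replies, opened
```

Counting the entries of `opened` whose `fileno()` is not -1 after a run shows how many passive listeners the session still holds.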
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:19:05 PDT