FTP DoS - PORT and PASV effected.

From: Darren Reed (avalonat_private)
Date: Tue Dec 07 1999 - 13:19:41 PST

Next message: Stefan Aeschbacher: "Re: Analysis of trin00"

Previous message: der Mouse: "Re: FTP denial of service attack"
Next in thread: Henrik Nordstrom: "Re: FTP DoS - PORT and PASV effected."
Reply: Henrik Nordstrom: "Re: FTP DoS - PORT and PASV effected."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In some mail from Renaud Deraison, sie said:
>
> On Tue, 7 Dec 1999, Darren Reed wrote:
>
> > Who has more free file descriptors & network ports, you or the ftp server ?
>
>
> The attack you are describing is not new - this is just a PASV attack,
> which has been around for years.
>
> Hopefully, this problem is now solved.
[...]

btw, a similar sort of attack can be mounted using the PORT command.
You just need to setup a local listener, etc, or get the ftp server
to try connect to lots of network 10 sites in < 75 seconds before
TCP connect's start timing out.  I'll leave that as an exercise for
the reader - a correct fix for the PASV problem should fix this one
as well (and the exploit is almost the same too).

Darren

Next message: Stefan Aeschbacher: "Re: Analysis of trin00"
Previous message: der Mouse: "Re: FTP denial of service attack"
Next in thread: Henrik Nordstrom: "Re: FTP DoS - PORT and PASV effected."
Reply: Henrik Nordstrom: "Re: FTP DoS - PORT and PASV effected."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:19:21 PDT