Re: FireWall-1 FTP Server Vulnerability

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: Thu Feb 17 2000 - 03:36:47 PST

Next message: Troy Bollinger: "Re: AIX SNMP Defaults"

Previous message: Elias Levy: "Re: "Association of Responsible Internet Providers"?"
Maybe in reply to: John McDonald: "FireWall-1 FTP Server Vulnerability"
Next in thread: der Mouse: "Re: FireWall-1 FTP Server Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

<<much snipped>>
> Even with the best firewall in the world, I'm pretty convinced that
> you need an ftp server that implements the FTP protocol correctly
> before you have a hope of handling PASV correctly.

Which is a different way of making the point Greg Hoglund did in a
recent-ish ntbugtraq post (Subject: Crappy code is crappy code ...)
that a firewall has an icicle's chance in hell of adequately
mimicking a system it is supposed to protect if it does so purely on
the assumption that the code it is protecting works "correctly" by
the firewall developer's interpretation of "correct".


Regards,

Nick FitzGerald

Next message: Troy Bollinger: "Re: AIX SNMP Defaults"
Previous message: Elias Levy: "Re: "Association of Responsible Internet Providers"?"
Maybe in reply to: John McDonald: "FireWall-1 FTP Server Vulnerability"
Next in thread: der Mouse: "Re: FireWall-1 FTP Server Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:35:32 PDT