On Fri, 18 Feb 2000, Mikael Olsson wrote: > The only solution that even begins to look "good" is to completely > reassemble the TCP stream and not make "educated" guesses about what > packet data belongs on what line and in which order and state of the > FTP protocol. inspecting TCP application data within individual IP packets is a basic layer violation. network IDSs also suffer from this problem, only worse. fragrouter demonstrates this nicely. reassembling the TCP stream will only get you so far - your proxy still needs to actually implement the application protocol correctly. i'm releasing a 'fragproxy' tool soon to demonstrate this. but for now, an ObLameExploit: http://www.monkey.org/~dugsong/ftp-ozone.c.txt -d. --- http://www.monkey.org/~dugsong/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:09 PDT