Re: SurgeFTP vulnerabilities

From: Alun Jones (alunat_private)
Date: Mon Jun 25 2001 - 07:42:34 PDT


    At 03:08 AM 6/19/2001, you wrote:
    >Issue:
    >2.) FTP allows anybody to DOS the machine with a well known con/con attack.
    >
    >Exploit:
    >2.) Connect to the server with anonymous and type cd con/con (yes, this is
    >well known and works with MANY others too, but we think it should be
    >filtered).

    While filtering such a command line may be a worthy suggestion, and is 
    certainly implemented in our own software, it is far from a perfect (or 
    even appropriate) solution.
    
    CON/CON is easy to avoid - you just filter on CON/CON.  But then you also 
    have to consider _every_ other DOS device name (MS calls them DDNs, in KB 
    articles that reference them) that is, or could be, on your 
    system.  CLOCK$, for instance, can be used instead of CON, as can AUX, PRN, 
    LPT1-9, etc, etc.  Okay, you say, so you filter the standard DDNs 
    out.  Then you have to worry about non-standard, but possibly popular DDNs.
    
    There is no system call (that I could find after several days of searching) 
    that will enumerate the available DDNs, and there appears to be no interest 
    in generating a patch that will prevent this DDN\DDN blue-screen 
    error.  The only option available to developers is to filter on as many 
    known DDNs as possible, and allow the user to extend that filter as and 
    when necessary.  This, of course, requires a substantially educated user, 
    which is almost always the weakest possible means of securing a system.
    
    Alun.
    ~~~~
    
    --
    Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
    1602 Harvest Moon Place   | http://www.wftpd.com or email alunat_private
    Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
    Fax/Voice +1(512)378-3246 | read details of WFTPD Pro for NT.
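The filtering approach the message describes, that is, reject any path component that names a DOS device and let the operator extend the list, as an added example that is not part of the original post and not WFTPD's code. The device names (CON, PRN, AUX, NUL, CLOCK$, COM1-9, LPT1-9) are the well-known baseline only; per the message there is no call that enumerates the full set on a given machine, so the `extra` argument is how a deployment adds names it knows about. The class name, the sample FTP command lines and the `screen_commands` helper are all constructed for this example.

```python
import re

# Baseline of well-known reserved DOS device names (assumed starting list;
# the message points out the real set on a given system is open-ended).
BASE_RESERVED = (
    {"CON", "PRN", "AUX", "NUL", "CLOCK$"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


class DeviceNameFilter:
    """Blocklist filter for DOS device names in path components.

    Hypothetical class written for this example. `extra` lets the operator
    add non-standard device names, which is the extensibility the message
    says a product has to offer because the list can never be complete.
    """

    def __init__(self, extra=()):
        self.reserved = {n.upper() for n in BASE_RESERVED}
        self.reserved |= {n.upper() for n in extra}

    def is_reserved_component(self, component):
        # Windows resolves "CON.txt", "con " and "CON." to the device as
        # well, so compare the name part only, ignoring case, extension and
        # trailing dots/spaces.
        base = component.rstrip(" .").split(".")[0].upper()
        return base in self.reserved

    def is_safe_path(self, path):
        # Accept either separator; an FTP client may send "con/con" or
        # "con\\con" and the OS treats both the same way.
        for component in re.split(r"[\\/]+", path):
            if component and self.is_reserved_component(component):
                return False
        return True


# Constructed sample of FTP command lines as a server would see them.
SAMPLE_COMMANDS = [
    "CWD pub/incoming",
    "CWD con/con",
    "RETR clock$/readme",
    "STOR notes.txt",
    "CWD aux.log/out",
    "NOOP",
]


def screen_commands(commands, device_filter):
    """Return the command lines whose path argument the filter would reject."""
    rejected = []
    for line in commands:
        parts = line.split(" ", 1)
        if len(parts) < 2:
            continue  # no path argument to check
        if not device_filter.is_safe_path(parts[1]):
            rejected.append(line)
    return rejected


if __name__ == "__main__":
    for line in screen_commands(SAMPLE_COMMANDS, DeviceNameFilter()):
        print("rejected:", line)
```

Because this is a blocklist, anything not on the list passes; the check belongs in front of every command that takes a path (CWD, RETR, STOR, LIST and so on), not just `cd`, and the `extra` list is where a site records the additional device names it has found on its own system.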
    



    This archive was generated by hypermail 2b30 : Mon Jun 25 2001 - 08:48:51 PDT