Re: HTML Form Protocol Attack

From: Mark van Walraven (markvat_private)
Date: Thu Aug 16 2001 - 15:16:07 PDT

Next message: Felipe Moniz: "MS-DOS Filename/Directory Vulnerability"

Previous message: Frederik Vermeulen: "Re: qmail starttls patch does not seed the random number generator"
In reply to: Barnaby Gray: "Re: HTML Form Protocol Attack"
Next in thread: Gustavo Molina: "Re: HTML Form Protocol Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 16, 2001 at 01:04:26PM +0100, Barnaby Gray wrote:
> What I meant is to get any useful data back over the FTP DATA
> connection (for LIST, RETR, STOR commands, etc.) you either have to
> use a passive mode transfer in which case you need to get another
> connection to connect to an arbitrary port on the server.  Or an
> active mode transfer in which case you need to be able to listen on a
> port specified in the PORT command. I believe this is a risk for

Hopefully I am not stating the obvious, but the argument to the PORT
command specify the IP address of the host to be used for the data
connection.  Therefore, the results of your LIST, RETR, STOR, etc.,
can be sent directly to some other host; a firewall that allows all
outbound connections is no obstacle.

Regards,

Mark.

Next message: Felipe Moniz: "MS-DOS Filename/Directory Vulnerability"
Previous message: Frederik Vermeulen: "Re: qmail starttls patch does not seed the random number generator"
In reply to: Barnaby Gray: "Re: HTML Form Protocol Attack"
Next in thread: Gustavo Molina: "Re: HTML Form Protocol Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 16:12:06 PDT