Hal Flynn <flynnat_private> apparently replied to someone: > > ServU FTP Server for Win32 has a Bug that makes it possible to relay > > email messages anonymously. As described in the RFC documents for FTP > > (959, 1579, 2228) its not recommendet for the service to accept PORT > > commands containing target ports above 1024/tcp. Example: > > Nice. I'd like to point out that this isn't a new issue per se, but > instead a rehash of something discovered by Hobbit, and described in > Bugtraq ID 126: > > http://www.securityfocus.com/bid/126 > > On another note, in two days, this vuln will be eight years old. I > suppose this is an early birthday present. As I haven't seen the whole of the post you are replying to, I cannot be sure of the OP's "intention" as the above may have been (subtly) removed from its proper context. But, FWIW, you should be aware that there are many ServU FTP servers out there, sitting on big, fat, open pipes. The ones I'm thinking of have mainly been put there as part of establishing the "pubstro"-style warez bot nets. Given how ServU got to be installed on these machines _and remain there_ (usually via ancient IIS exploits or null or otherwise easily-guessed admin passwords on Internet-visible Windows networking) it's a fair bet that banner scanning and the like to find them won't be detected _at the sites hosting these ServU servers_. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
This archive was generated by hypermail 2b30 : Sat Jul 12 2003 - 14:34:10 PDT