Re: [fw-wiz] Variations of firewall ruleset bypass via FTP

• Previous message: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• In reply to: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Next in thread: Mikael Olsson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--On Thursday, October 10, 2002 10:40 PM -0400 "Paul D. Robertson" 
<probertsat_private> wrote:

> One of the things that makes FTP such a bad case is that protecting the
> server means going to active FTP and protecting the clients means going
> to  PASV mode.  So there's not a natural protection point that allows
> both to  be satisfied.

An application proxy that does PASV->PORT translation achieves exactly 
this. Trivial to do (and was done in FWTK ftp-gw years ago).

-- 
Carson
_______________________________________________
firewall-wizards mailing list
firewall-wizardsat_private
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Next message: Mikael Olsson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Previous message: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• In reply to: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Next in thread: Mikael Olsson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Oct 11 2002 - 05:10:33 PDT