Re: [fw-wiz] Variations of firewall ruleset bypass via FTP

• Previous message: R. DuFresne: "[fw-wiz] source search;"
• In reply to: Mikael Olsson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Next in thread: Carson Gaspar: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Another addendum to add to this story, a quick check of some ftp
daemons shows they will convert the response to (at least HELP)
into uppercase.  The IPFilter ftp proxy will not accept that as
a valid response from a PASV.

e.g.

$ telnet solaris8 ftp
220 solaris8 FTP server (SunOS 5.8) ready.
HELP 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
502 Unknown command 227 ENTERING PASSIVE MODE (H1,H2,H3,H4,P1,P2).

So if I may reiterate what I said earlier, what the firewall does
for data going from the ftp server is not isolated in this problem
from what the ftp server does to the input.

Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizardsat_private
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Next message: Mikael Olsson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Previous message: R. DuFresne: "[fw-wiz] source search;"
• In reply to: Mikael Olsson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Next in thread: Carson Gaspar: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Oct 11 2002 - 05:32:40 PDT