[Fair warning: somewhat inflammatory. Count backwards from 100.]

Darren Reed wrote:
>
> Sure [partial acknowledgement] can happen but how often does it really
> happen ? For the minor convenience of dropping whatever packets and
> causing a full resend, I think I'm happy to discard partial segments.
> Given this is only currently done for the FTP command channel (and
> that's hardly a massive user of buffering), I'm not concerned. If it
> breaks 1 time in 100, but the other 99 are secured, that 1 off is a
> sacrifice I'm willing to force.

Yes, I agree fully. For the FTP command channel, this might be a reasonable
bandaid that might stop this class of attacks. I was just saying that one
shouldn't make that assumption about TCP in general (as Paul was theorizing).

> Another addendum to add to this story, a quick check of some ftp
> daemons shows they will convert the response to (at least HELP)
> into uppercase. All the other commands _don't_ convert it.
> So if I may reiterate what I said earlier, what the firewall does
> for data going from the ftp server is not isolated in this problem
> from what the ftp server does to the input.

This is absolutely true. However, I believe I have shown that there is at
least one way of constructing strings that are completely resistant to any
amount of string scrubbing through using the FTP protocol alone. And this
doesn't even begin to touch other data channel protocols that various
firewalls may or may not support.

> I'm not in control of what version ships with NetBSD. SEP.

I can't help but parse all of this as "I don't care that previous versions
were vulnerable. I don't care that NetBSD is shipping a vulnerable version.
And I particularly don't give a flying f&ck that listing ipf as 'Not
Vulnerable' means that there's no reason for distributors to rush out a new
version. It's all Someone Else's (the users') Problem."

No one said that exploiting this was trivial. Buffer overruns and format
string attacks aren't trivial either. It's been a while since I heard "it's
non-trivial, so we're not vulnerable", and I'd been hoping that I wouldn't
have to hear it again.

Here, I've had to practice this myself on occasion: "I screwed up. I'm only
human; it happens. I'm sorry. I've done my best to fix the problem: here's
the upgrade." Really, take my word for it, it sits a h*ll of a lot better
with most people than "SEP". And, in the long run, it feels a whole lot
better too.

Sincerely,
Mikael Olsson

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
"Senex semper diu dormit"

_______________________________________________
firewall-wizards mailing list
firewall-wizardsat_private
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
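Added example, not ipf's code and not from anyone in the thread: a Python sketch of the "discard partial segments" policy Darren describes for the FTP command channel. It only forwards a client-to-server segment when it carries whole CRLF-terminated command lines, so a command split across segments is dropped and the client resends it, and it compares the command verb case-insensitively (RFC 959 commands are case-insensitive) so that the firewall's view does not depend on how the server happens to fold case. The function names and the sample commands are constructed for the example.

```python
import re

# RFC 959 PORT operand: h1,h2,h3,h4,p1,p2 (each a decimal byte value).
PORT_ARG = re.compile(rb"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")


def split_complete_lines(payload: bytes):
    """Return (lines, leftover): complete CRLF-terminated lines without
    their terminator, plus any trailing partial line left in the segment."""
    lines = []
    while True:
        idx = payload.find(b"\r\n")
        if idx < 0:
            return lines, payload
        lines.append(payload[:idx])
        payload = payload[idx + 2:]


def parse_port(arg: bytes):
    """Parse a PORT operand into ("a.b.c.d", port) or None if malformed."""
    m = PORT_ARG.match(arg.strip())
    if not m:
        return None
    vals = [int(x) for x in m.groups()]
    if any(v > 255 for v in vals):
        return None
    return ".".join(str(v) for v in vals[:4]), vals[4] * 256 + vals[5]


def check_segment(payload: bytes) -> str:
    """Policy for one client->server TCP segment on the control channel.

    "DROP"   - segment ends mid-command; force a resend rather than try
               to inspect a fragment (the policy quoted in the post).
    "REJECT" - a complete PORT command whose operand does not parse, so
               no data-channel pinhole can safely be derived from it.
    "PASS"   - every command in the segment is complete and acceptable.
    """
    lines, leftover = split_complete_lines(payload)
    if leftover:
        return "DROP"
    for line in lines:
        verb, _, arg = line.partition(b" ")
        if verb.upper() == b"PORT" and parse_port(arg) is None:
            return "REJECT"
    return "PASS"
```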
This archive was generated by hypermail 2b30 : Fri Oct 11 2002 - 05:37:55 PDT