Hi,

> This should, as far as I can see, only work for any host that actually runs
> an FTP server behind a firewall, and assumes that the FTP server is stupid
> enough to allow more or less arbitrary data ports... not a good idea for any
> firewalled FTP server, IMO. But still, a good idea to test FTP servers
> behind firewalls. Shouldn't that work for almost any other kind of Firewall
> too?
> Jens Knoell

Actually, no. If you have a chance, check out the advisory, it's explained there. The attack is not against the FTP Server itself (which will probably reply with an "Illegal PORT Command" when you use it), but on the iptables FTP module -- which will accept the PORT data without checking it, and update its expected connections in the connection table.

Cristiano Lincoln Mattos, CISSP, SSCP
CESAR - Centro de Estudos e Sistemas Avançados do Recife
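Added example, not part of the original message or the advisory: a sketch in C of the kind of check the reply says the iptables FTP module did not make, validating a PORT argument before an expected connection is recorded. The policy (the address must equal the control connection's source, the port must be 1024 or higher), the function names and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
enum port_verdict { PORT_OK, PORT_MALFORMED, PORT_FOREIGN_ADDR, PORT_LOW_PORT };
/* Parse "PORT h1,h2,h3,h4,p1,p2": six decimal fields of 1-3 digits, each 0-255. */
static int parse_port_cmd(const char *line, uint32_t *addr, uint16_t *port)
{
    unsigned f[6];
    const char *p;
    if (strncmp(line, "PORT ", 5) != 0)
        return -1;
    p = line + 5;
    for (int i = 0; i < 6; i++) {
        unsigned v = 0, digits = 0;
        for (; *p >= '0' && *p <= '9' && digits < 3; digits++)
            v = v * 10 + (unsigned)(*p++ - '0');
        if (digits == 0 || v > 255 || (i < 5 && *p++ != ','))
            return -1;
        f[i] = v;
    }
    if (*p != '\0' && *p != '\r' && *p != '\n')
        return -1;               /* trailing junk after the last field */
    *addr = IP4(f[0], f[1], f[2], f[3]);
    *port = (uint16_t)((f[4] << 8) | f[5]);
    return 0;
}

/* client_addr: source address of the control connection as the filter saw it.
 * Assumed policy: only that host, on an unprivileged port, may be expected. */
enum port_verdict check_port_cmd(const char *line, uint32_t client_addr)
{
    uint32_t addr;
    uint16_t port;
    if (parse_port_cmd(line, &addr, &port) != 0)
        return PORT_MALFORMED;
    if (addr != client_addr)
        return PORT_FOREIGN_ADDR;
    if (port < 1024)
        return PORT_LOW_PORT;
    return PORT_OK;
}

int main(void)
{
    printf("%d\n", check_port_cmd("PORT 192,0,2,10,195,80\r\n", IP4(192, 0, 2, 10))); /* constructed input */
    return 0;
}
```

A filter would record the expected data connection only on `PORT_OK` and log the other verdicts.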
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 19:15:30 PDT