[PEN-TEST] RES: [PEN-TEST] linux iptables ftp port command -- demo tool

From: Cristiano Lincoln Mattos (lincolnat_private)
Date: Mon Apr 16 2001 - 19:03:12 PDT


    Hi,
    
    > This should, as far as I can see, only work for any host that actually runs
    > an FTP server behind a firewall, and assumes that the FTP server is stupid
    > enough to allow more or less arbitrary data ports... not a good idea for any
    > firewalled FTP server, IMO. But still, a good idea to test FTP servers
    > behind firewalls. Shouldn't that work for almost any other kind of Firewall
    > too?
    > Jens Knoell
    
    	Actually, no.  If you have a chance, check out the advisory, it's
    explained there.
    
    The attack is not against the FTP Server itself (which will probably reply
    with an "Illegal PORT Command" when you use it), but on the iptables
    FTP module -- which will accept the PORT data without checking it, and
    update its expected connections in the connection table.
    
    Cristiano Lincoln Mattos, CISSP, SSCP
    CESAR - Centro de Estudos e Sistemas Avançados do Recife
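
As an added example (not code from the post, the advisory, or netfilter), this is one way a connection-tracking helper could check PORT data before recording an expected data connection. The specific checks (address must equal the control connection's source, no ports below 1024), the function names and the sample addresses are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Strict parse of "PORT h1,h2,h3,h4,p1,p2" (RFC 959); 0 on success, -1 if malformed. */
static int parse_port_cmd(const char *line, uint8_t ip[4], uint16_t *port)
{
    unsigned int v[6];
    const char *p;

    if (strncasecmp(line, "PORT ", 5) != 0)
        return -1;
    p = line + 5;
    for (int i = 0; i < 6; i++) {
        int digits = 0;
        v[i] = 0;
        while (isdigit((unsigned char)*p) && digits++ < 3)
            v[i] = v[i] * 10 + (unsigned int)(*p++ - '0');
        /* each field: 1-3 digits, value 0-255, comma after all but the last */
        if (digits == 0 || v[i] > 255 || (i < 5 && *p++ != ','))
            return -1;
    }
    if (*p != '\0' && strcmp(p, "\r\n") != 0)  /* nothing may trail the fields */
        return -1;
    for (int i = 0; i < 4; i++)
        ip[i] = (uint8_t)v[i];
    *port = (uint16_t)(v[4] << 8 | v[5]);
    return 0;
}

/* Hypothetical helper decision: 1 = record an expected connection, 0 = ignore. */
int port_cmd_allowed(const char *line, const uint8_t ctrl_src[4])
{
    uint8_t ip[4];
    uint16_t port;

    if (parse_port_cmd(line, ip, &port) != 0)
        return 0;
    if (memcmp(ip, ctrl_src, 4) != 0)  /* must name the sender of the command */
        return 0;
    return port >= 1024;               /* assumption: privileged ports refused */
}

static const uint8_t SAMPLE_CLIENT[4] = {192, 0, 2, 10};  /* constructed sample */

int main(void)
{
    printf("%d\n", port_cmd_allowed("PORT 192,0,2,10,195,80\r\n", SAMPLE_CLIENT));
    printf("%d\n", port_cmd_allowed("PORT 198,51,100,7,195,80\r\n", SAMPLE_CLIENT));
    return 0;
}
```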
    


