[PEN-TEST] RES: [PEN-TEST] linux iptables ftp port command -- demo tool

From: Cristiano Lincoln Mattos (lincolnat_private)
Date: Mon Apr 16 2001 - 19:03:12 PDT

Next message: Keith.Morgan: "Re: [PEN-TEST] linux iptables ftp port command -- demo tool"

Previous message: Jens Knoell: "Re: [PEN-TEST] linux iptables ftp port command -- demo tool"
In reply to: Jens Knoell: "Re: [PEN-TEST] linux iptables ftp port command -- demo tool"
Next in thread: Keith.Morgan: "Re: [PEN-TEST] linux iptables ftp port command -- demo tool"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

> This should, as far as I can see, only work for any host that actually runs
> an FTP server behind a firewall, and assumes that the FTP server is stupid
> enough to allow more or less arbitrary data ports... not a good idea for any
> firewalled FTP server, IMO. But still, a good idea to test FTP servers
> behind firewalls. Shouldn't that work for almost any other kind of Firewall
> too?
> Jens Knoell

	Actually, no.  If you have a chance, check out the advisory, it's
explained there.

The attack is not against the FTP Server itself (which will probably reply
with an "Illegall PORT Command" when you use it), but on the iptables
FTP module -- which will accept the PORT data without checking it, and
update it's expected connections in the connection table.

Cristiano Lincoln Mattos, CISSP, SSCP
CESAR - Centro de Estudos e Sistemas Avançados do Recife

Next message: Keith.Morgan: "Re: [PEN-TEST] linux iptables ftp port command -- demo tool"
Previous message: Jens Knoell: "Re: [PEN-TEST] linux iptables ftp port command -- demo tool"
In reply to: Jens Knoell: "Re: [PEN-TEST] linux iptables ftp port command -- demo tool"
Next in thread: Keith.Morgan: "Re: [PEN-TEST] linux iptables ftp port command -- demo tool"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 19:15:30 PDT