Bugtraq mailing list archives

Re: FireWall-1 FTP Server Vulnerability

From: nick () VIRUS-L DEMON CO UK (Nick FitzGerald)
Date: Thu, 17 Feb 2000 23:36:47 +1200


<<much snipped>>

Even with the best firewall in the world, I'm pretty convinced that
you need an ftp server that implements the FTP protocol correctly
before you have a hope of handling PASV correctly.


Which is a different way of making the point Greg Hoglund did in a
recent-ish ntbugtraq post (Subject: Crappy code is crappy code ...)
that a firewall has an icicle's chance in hell of adequately
mimicking a system it is supposed to protect if it does so purely on
the assumption that the code it is protecting works "correctly" by
the firewall developer's interpretation of "correct".

Regards,

Nick FitzGerald

Current thread:

Re: FireWall-1 FTP Server Vulnerability, (continued)
- Re: FireWall-1 FTP Server Vulnerability monti (Feb 14)
  - Re: FireWall-1 FTP Server Vulnerability Henrik Nordstrom (Feb 15)
    - DDoS whitepaper Bennett Todd (Feb 17)
    - Re: FireWall-1 FTP Server Vulnerability Mikael Olsson (Feb 17)
    - Re: FireWall-1 FTP Server Vulnerability Emiliano Kargieman (Feb 18)
    - Patch Available for "Site Wizard Input Validation" Vulnerability Microsoft Product Security (Feb 18)
    - Re: FireWall-1 FTP Server Vulnerability Dug Song (Feb 18)
  - Re: FireWall-1 FTP Server Vulnerability Borbely Zoltan (Feb 15)
    - Re: FireWall-1 FTP Server Vulnerability monti (Feb 17)
  - Re: FireWall-1 FTP Server Vulnerability Peter Benie (Feb 16)
    - Re: FireWall-1 FTP Server Vulnerability Nick FitzGerald (Feb 17)
    - ANN: Bruce 1.0ea2: Networked Host-Vulnerability Scanner for Solaris & Linux Alec Muffett (Feb 17)
- Re: FireWall-1 FTP Server Vulnerability der Mouse (Feb 17)
- Re: FireWall-1 FTP Server Vulnerability chess () US IBM COM (Feb 18)