Bugtraq mailing list archives

Re: FireWall-1 FTP Server Vulnerability


From: dugsong () MONKEY ORG (Dug Song)
Date: Fri, 18 Feb 2000 23:27:26 -0500


On Fri, 18 Feb 2000, Mikael Olsson wrote:

> The only solution that even begins to look "good" is to completely
> reassemble the TCP stream and not make "educated" guesses about what
> packet data belongs on what line and in which order and state of the
> FTP protocol.

inspecting TCP application data within individual IP packets is a basic
layer violation. network IDSs also suffer from this problem, only worse.
fragrouter demonstrates this nicely.

reassembling the TCP stream will only get you so far - your proxy still
needs to actually implement the application protocol correctly. i'm
releasing a 'fragproxy' tool soon to demonstrate this.

but for now, an ObLameExploit:

        http://www.monkey.org/~dugsong/ftp-ozone.c.txt

-d.

---
http://www.monkey.org/~dugsong/
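
The packet-versus-stream distinction discussed in this message, as an added example that is not part of the original post or of any tool it mentions: a per-segment matcher and a reassembling line parser are run over the same constructed FTP control-channel segments. The segment data, the function names and the keep-first-copy overlap policy are assumptions made for illustration.

```python
import re

# Constructed sample: (relative TCP sequence number, payload) for the
# server-to-client half of an FTP control connection, in arrival order.
SEGMENTS = [
    (0, b"220 ready\r\n"),
    (39, b"0,0,0,5,4,1)\r\n"),               # arrives early (reordered)
    (11, b"227 Entering Passive Mode (1"),   # reply line split mid-number
    (11, b"227 Entering Passive"),           # partial retransmission
]

PASV = re.compile(
    rb"^227 [^\r\n]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (ip, port) from one complete 227 reply line, else None."""
    m = PASV.match(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None                    # not a valid h1,h2,h3,h4,p1,p2 tuple
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def per_packet(segments):
    """Layer-violating view: treat every segment payload as a reply line."""
    return [r for _, data in segments if (r := parse_pasv(data))]

def reassemble(segments):
    """Rebuild the in-order byte stream; stop at the first sequence gap."""
    stream = bytearray()
    for seq, data in sorted(segments, key=lambda s: s[0]):
        if seq > len(stream):
            break                      # hole: later bytes are not usable yet
        stream += data[len(stream) - seq:]   # keep first copy of overlaps
    return bytes(stream)

def by_stream(segments):
    """Parse only complete CRLF-terminated lines of the reassembled stream."""
    lines = reassemble(segments).split(b"\r\n")[:-1]   # drop unterminated tail
    return [r for line in lines if (r := parse_pasv(line))]

if __name__ == "__main__":
    print("per-packet:", per_packet(SEGMENTS))
    print("reassembled:", by_stream(SEGMENTS))
```

The per-segment matcher never sees the passive-mode reply that the client's TCP stack will deliver, while the reassembling parser recovers it and refuses to parse anything while a sequence gap is outstanding.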


