Firewall Wizards mailing list archives
Re: recent telnet vulnerability
From: ark () eltex ru
Date: Sat, 11 Aug 2001 16:21:12 +0400 (MSD)
nuqneH, It does stop script kiddie's exploits, but is it really able to prevent the attack? tn-gw (fwtk and old Gauntlet, don't have current source now) does stop the _exploit_ too, because it does handle options sent while _initial_ handshake, but it does nothing with options sent later when session is already estabilished (well, not actually nothing but nothing that can stop the attacker). YOU (Balazs Scheidler) WROTE:
> Back to my original question, do we know any firewall that _does_protect_ > (not _is_immune!_) this vulnerability? Although my test environment is was not complete, as it seems the Telnet proxy in the soon-to-be-released Zorp 1.0 stops the attack. Here's what I did: - downloaded exploit code from securityfocus.com (zp-exp-telnetd.c) - it didn't work on my telnetd, however caused a SIGSEGV (I should have changed offsets) - fired up Zorp with telnet proxy listening on port 2323 and forwarding requests to localhost:23, changed the exploit to connect to the proxy port - launched the attack, the SIGSEGV didn't occur, Zorp logs show that some negotiations were rejected by the proxy (it allows only the required negotiations for telnet to work by default, but this can be changed by the administrator) Zorp 1.0 is not yet released, a development version (0.9.1) can however be downloaded, but it doesn't contain this proxy module. It's not yet decided whether the telnet proxy will be GPLd, or will only be available in the commercial version.
-- _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: recent telnet vulnerability Chris Keladis (Aug 02)
- Re: recent telnet vulnerability m p (Aug 02)
- Re: recent telnet vulnerability Jonas Eriksson (Aug 04)
- <Possible follow-ups>
- Re: recent telnet vulnerability ark (Aug 04)
- Re: recent telnet vulnerability Balazs Scheidler (Aug 11)
- Re: recent telnet vulnerability ark (Aug 11)
- Re: recent telnet vulnerability Balazs Scheidler (Aug 11)
- Re: recent telnet vulnerability Balazs Scheidler (Aug 11)
- Re: recent telnet vulnerability m p (Aug 02)