Firewall Wizards mailing list archives

Re: Variations of firewall ruleset bypass via FTP

From: Carson Gaspar <carson () taltos org>
Date: Fri, 11 Oct 2002 14:31:32 -0400

--On Friday, October 11, 2002 10:40 AM +0200 Mikael Olsson<mikael.olsson () clavister com> wrote:

Yes, if an attacker can create file names with CRLFs in them, we're
most likely screwed no matter what we're running.

Unless the FTP software authors finally decide to support the RFC thattelnet-escapes CR.


--
Carson

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Variations of firewall ruleset bypass via FTP, (continued)
- - - Re: Variations of firewall ruleset bypass via FTP Darren Reed (Oct 11)
    - Re: Variations of firewall ruleset bypass via FTP Darren Reed (Oct 11)
    - Re: Variations of firewall ruleset bypass via FTP Paul Robertson (Oct 11)
    - Re: Variations of firewall ruleset bypass via FTP Darren Reed (Oct 12)
    - Re: Variations of firewall ruleset bypass via FTP Paul D. Robertson (Oct 12)
    - Re: Variations of firewall ruleset bypass via FTP Darren Reed (Oct 12)
    - Re: Variations of firewall ruleset bypass via FTP Paul D. Robertson (Oct 12)
    - Re: Variations of firewall ruleset bypass via FTP Al Potter (Oct 11)
    - Re: Variations of firewall ruleset bypass via FTP Paul Robertson (Oct 11)
    - Re: Variations of firewall ruleset bypass via FTP Darren Reed (Oct 11)
    - Re: Variations of firewall ruleset bypass via FTP Carson Gaspar (Oct 11)
- Re: Variations of firewall ruleset bypass via FTP Philip J. Koenig (Oct 14)
  - Re: Variations of firewall ruleset bypass via FTP Paul D. Robertson (Oct 14)