Vulnerability Development mailing list archives
Re: FreeBSD listen()
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Fri, 5 Nov 1999 13:48:05 -0800
Vladimir Dubrovin wrote:
> According to RFC 959 (FILE TRANSFER PROTOCOL - STATUS: STANDARD) the IP address shouldn't be checked:
>
> -=-=-=-=-=-=-=-
> In another situation a user might wish to transfer files between two Hosts, neither of which is his local Host. He sets up TELNET connections to the two servers and then arranges for a data connection between them. In this manner control information is passed to the user-PI but data is transferred between the server data transfer processes.
> -=-=-=-=-=-=-=-
>
> So, if your server does check the IP and doesn't allow a connection from another IP, your server doesn't comply with RFC 959. RFC 2228, which specifies security mechanisms in FTP, doesn't obsolete this.
You probably didn't mean to imply this, but let me address it as if you did.

First, thanks for pointing this out, it's very relevant. Second, as most folks here probably know, standards don't necessarily apply in security situations. On various firewall lists, etc., I occasionally see a post where someone makes a statement like "you can't do that, it violates standard x, and breaks behavior y." In my mind, security is all about breaking any behavior you don't want to happen, per some policy, either written, or one you make up on the spot. This is irrespective of what the standards say.

This can be unfortunate, as most coders will tend to favor features over security, and therefore tend to follow standards. So, if the standard includes risky features, so will the product. Ideally, the standard would be "fixed" and the products would have to follow. That's not going to happen with FTP. (FTP should just be declared obsolete, and blocked at the NAPs and MAEs, but that's a different rant.)

So, you probably pointed this out to explain where the behavior came from (because it said so). I appreciate the info. Silly me, I assumed, like the original poster, that that sort of behavior is broken, a result of not coding in a check. The point here is that this creates a security problem that attackers can take advantage of, and I assume we'd like a switch to turn it off with.

BB
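The policy the two posts argue about (RFC 959's third-party transfer versus a server that refuses a data endpoint other than the control-connection peer, with a switch to choose) is easy to state in code. The following is an added example written for this archive page; it is not FreeBSD's ftpd, not code from either poster, and the function names, the `allow_third_party` switch, the rejection of privileged ports and the reply texts are all assumptions made here for illustration.

```python
"""Added example: deciding whether an FTP data endpoint is acceptable.

Not FreeBSD ftpd and not code from the thread. Names, the allow_third_party
switch, the privileged-port rule and the reply strings are assumptions.
"""
import ipaddress
import re

# PORT argument format from RFC 959: h1,h2,h3,h4,p1,p2 (all decimal, 0-255)
PORT_RE = re.compile(r"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")


class PortCommandError(ValueError):
    """Raised for a syntactically bad PORT argument."""


def parse_port_argument(arg):
    """Parse 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    m = PORT_RE.match(arg.strip())
    if not m:
        raise PortCommandError("malformed PORT argument")
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise PortCommandError("PORT value out of range")
    ip = ipaddress.IPv4Address(".".join(str(o) for o in octets[:4]))
    port = octets[4] * 256 + octets[5]
    return ip, port


def check_data_endpoint(control_peer_ip, data_ip, data_port, allow_third_party=False):
    """Apply the local policy to a proposed data endpoint.

    control_peer_ip: address of the client on the control connection.
    data_ip, data_port: host/port given in PORT (active mode) or the peer of a
        connection accepted on the PASV listener (passive mode).
    allow_third_party: the switch the reply asks for. False (the default
        assumed here) requires the data host to equal the control peer, which
        is stricter than RFC 959; True restores the RFC's third-party transfer.
    Returns (accepted, reason).
    """
    # Assumed policy: never let a client point the data connection at a
    # privileged port, whichever host it names.
    if data_port < 1024:
        return False, "data port in privileged range"
    if not allow_third_party and ipaddress.IPv4Address(data_ip) != ipaddress.IPv4Address(control_peer_ip):
        return False, "data endpoint host differs from control connection peer"
    return True, "ok"


def handle_port_command(control_peer_ip, arg, allow_third_party=False):
    """Produce the reply line a server would send for a PORT command."""
    try:
        ip, port = parse_port_argument(arg)
    except PortCommandError as exc:
        return "501 " + str(exc)          # syntax error in parameters
    ok, reason = check_data_endpoint(control_peer_ip, ip, port, allow_third_party)
    if not ok:
        return "500 Illegal PORT command: " + reason
    return "200 PORT command successful"


def accept_pasv_connection(control_peer_ip, accepted_peer, allow_third_party=False):
    """Same policy applied to a connection accepted on a PASV listener.

    accepted_peer is the (ip, port) pair returned by socket.accept(); the port
    is the client's ephemeral source port, so only the host is policed here.
    """
    ok, reason = check_data_endpoint(control_peer_ip, accepted_peer[0], 65535, allow_third_party)
    return ok, reason


if __name__ == "__main__":
    # Constructed sample: client on 192.0.2.10 (RFC 5737 documentation range).
    client = "192.0.2.10"
    for arg, switch in [("192,0,2,10,4,1", False),     # own host, port 1025
                        ("198,51,100,7,4,1", False),   # other host, refused
                        ("198,51,100,7,4,1", True),    # other host, RFC 959 behaviour
                        ("192,0,2,10,0,25", False),    # own host but port 25
                        ("300,0,2,10,4,1", False)]:    # bad octet
        print(f"PORT {arg:<20} allow_third_party={switch!s:<5} -> "
              f"{handle_port_command(client, arg, switch)}")
    print(accept_pasv_connection(client, ("203.0.113.9", 40000)))
```

With the switch left at its default the server behaves the way the original poster expected and breaks the RFC 959 three-host transfer; flipping `allow_third_party` gives the standard-conforming behaviour Vladimir describes. The privileged-port rule is a separate, assumed hardening that applies in both modes.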
Current thread:
- Re: FreeBSD listen() CyberPsychotic (Oct 30)
- Re: FreeBSD listen() Vladimir Dubrovin (Nov 05)
- Re: FreeBSD listen() Sebastian (Nov 05)
- Re: FreeBSD listen() CyberPsychotic (Nov 03)
- Re: FreeBSD listen() David Schwartz (Nov 05)
- Re: FreeBSD listen() Blue Boar (Nov 05)
- Re: FreeBSD listen() Vladimir Dubrovin (Nov 05)
- <Possible follow-ups>
- Re: FreeBSD listen() D. J. Bernstein (Nov 05)
- Re: FreeBSD listen() D. J. Bernstein (Nov 08)