Vulnerability Development mailing list archives
Re: ws_ftp pro 6.51 exposes internal IP addresses
From: Crawling KingSnake <kingsnake () MINISTER COM>
Date: Tue, 1 Aug 2000 12:07:07 -0400
How so is this an administrative issue? ws_ftp is the only one that does this. Other clients connect successfully using PASV mode. Maybe you should reread the statement and not be so quick to jump on the "administrator at fault" excuse. The server does not have the bounce attack enabled but the client must use PASV to connect because of the firewall. Those are two different issues. Please try to understand the situation before responding since these responses prove wasteful. On Mon, Jul 31, 2000 at 09:07:13AM -0400, Crawling KingSnake wrote:
ws_ftp pro 6.51 exposes internal IP addresses when connecting using PASV
<snip>
Vendor was notified but no response.
what is the vendor supposed to do? This is an administration issue. If you are protecting your network via a firewall, and you intend to hide all aspects of your network hierarchy, then you'll want to disable passive ftp. Unless ws_ftpd is not capable of disabling passive ftp, this doesnt sound like a vendor issue. <ss> ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup
Current thread:
- ws_ftp pro 6.51 exposes internal IP addresses Crawling KingSnake (Aug 01)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Adam Prato (Aug 02)
- <Possible follow-ups>
- Re: ws_ftp pro 6.51 exposes internal IP addresses Vachon, Scott (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Crawling KingSnake (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Iván Arce (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Adam Prato (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Crawling KingSnake (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Nick (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Crawling KingSnake (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Alun Jones (Aug 08)