Vulnerability Development mailing list archives
Re: ws_ftp pro 6.51 exposes internal IP addresses
From: Alun Jones <alun () TEXIS COM>
Date: Mon, 7 Aug 2000 14:23:26 -0000
I'd like to think it isn't ipfilter just because other ftp clients do not exhibit this behavior.
That ws_ftp pro is the only client you've experienced that shows you this problem is not of any interest. WS_FTP Pro is not able to get any information that it isn't given by the server. In this case, the server is passing out the internal IP address in its PASV response. In fact, it's supposed to, if it supports PASV, and PASV is enabled. However, if you're trying to hide the network topology surrounding the server, then the NAT must be aware of, and act on, those protocols that expose IP addresses. In this case, that protocol is FTP, and any well-written NAT should mask the address if configured to do so. That the address is escaping in any manner whatsoever is indicative of a failure in the NAT, or its configuration, and not of a failure in the client. WS_FTP Pro is doing exactly what it must as an FTP client. You have not told us yet what other FTP clients you have been using - it's possible that those other clients didn't report the information to the user in a form you recognised, but I can guarantee you that if they use PASV, then they are getting an IP address from the server, passed through the NAT, just as WS_FTP Pro is. Note finally, that if this were a problem with the client, you could have the manufacturers fix the client, and you would not have plugged the hole. Any hacker could come in with a suitably old version of WS_FTP Pro, or write their own client that mimics its behaviour, and have access to exactly that same information. The point where the hole needs to be fixed is the NAT - even if you cannot take my assurance that WS_FTP is doing nothing wrong, you should surely see that the only valid place to apply any fix would be at the FTP server or the NAT. And, since it's the NAT's job to protect your local network topology, it's there where the fix must be made. Alun Jones ~~~~~~~~~~
Current thread:
- ws_ftp pro 6.51 exposes internal IP addresses Crawling KingSnake (Aug 01)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Adam Prato (Aug 02)
- <Possible follow-ups>
- Re: ws_ftp pro 6.51 exposes internal IP addresses Vachon, Scott (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Crawling KingSnake (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Iván Arce (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Adam Prato (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Crawling KingSnake (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Nick (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Crawling KingSnake (Aug 02)
- Re: ws_ftp pro 6.51 exposes internal IP addresses Alun Jones (Aug 08)