Vulnerability Development mailing list archives
Re: Extending the FTP "ALG" vulnerability to any FTP client
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Sat, 11 Mar 2000 13:39:19 +0100
Someone (off-list) wrote:
> I desperately want to run this test against my own site.

I don't have a ready-to-fly test for this; this is the main reason why I released the theory of it as it stands. I'm hoping for one or a few of our list members with more time on their hands to hack up a piece of proof-of-concept code so that people start taking this seriously. The way I see it, this is a big failing of the security community. Nothing is really taken seriously until there's a ready-made hack that actually does damage (which, of course, any script-kiddie can use to wreak havoc against anyone).

> Also, if they can connect to port 139, what apps would be used from this port? As I said, denying has been much easier for me than understanding methodology.

As I said, it doesn't have to be port 139. It can be any port. You may as well regard any local workstation with a browser or HTML-enabled mail reader to not be protected by a firewall at all, since it can really be any port between 0 and 65535. Unless, of course, your firewall does full protocol analysis and state tracking of the FTP protocol. Most don't.

/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
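The "full protocol analysis and state tracking" mentioned in the message above, sketched as an added example (not part of the original post and not any firewall vendor's code): the control stream is reassembled into CRLF-terminated lines, and a data-channel pinhole is allowed only for a whole-line PORT command that names the client's own address and an unprivileged port. The class name, the 512-byte line cap, the 1024 port floor and the sample addresses are assumptions.

```python
import re

# Whole-line match only: PORT h1,h2,h3,h4,p1,p2 (RFC 959), case-insensitive.
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})", re.I)
MAX_LINE = 512   # assumed cap; beyond this the stream can no longer be tracked
MIN_PORT = 1024  # assumed policy: never open a pinhole to a privileged port


class FtpControlTracker:
    """Tracks one client-to-server FTP control stream (hypothetical helper)."""

    def __init__(self, client_ip):
        self.client_ip = client_ip
        self.buf = b""
        self.failed = False  # fail closed once line tracking is lost

    def feed(self, payload):
        """Take one TCP payload; return the (ip, port) pinholes it justifies."""
        if self.failed:
            return []
        self.buf += payload
        allowed = []
        # Judge complete CRLF-terminated lines, never individual packets.
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            m = PORT_RE.fullmatch(line)
            if not m:
                continue
            nums = [int(g) for g in m.groups()]
            if max(nums) > 255:
                continue
            ip = ".".join(str(n) for n in nums[:4])
            port = nums[4] * 256 + nums[5]
            # Only the client's own address, only unprivileged ports.
            if ip == self.client_ip and port >= MIN_PORT:
                allowed.append((ip, port))
        if len(self.buf) > MAX_LINE:
            self.failed = True
        return allowed


if __name__ == "__main__":
    t = FtpControlTracker("192.0.2.10")  # constructed sample traffic
    for seg in (b"USER anonymous\r\n", b"PORT 192,0,2,10,19,137\r\n",
                b"PORT 192,0,2,10,0,139\r\n"):
        print(seg, "->", t.feed(seg))
```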