Bugtraq mailing list archives

Re: FTP denial of service attack

From: paulo () DCC UNICAMP BR (Paulo Licio de Geus)
Date: Thu, 9 Dec 1999 17:13:26 -0200


On Tuesday, 7December1999, Dustin Miller wrote:

FTP Voyager, for Win32, commonly uses one "login" session and then spawns
"download" sessions for each download you begin with a particular site.


I recently tried FTP Explorer (Windows), and in the past I used Fetch
on MacOS doing simultaneous transfers in both cases. On closer look it
seems those applications use the first ftp control connection for the
main window, and upon a file transfer request issue another ftp
control connection to handle that file transfer, including the ftp
data stuff.  I just transferred two large files at the same time under
FTP Explorer and observed 3 control connections and two data
connections (PASV mode).

--
Paulo Licio de Geus                 Internet: paulo () dcc unicamp br
Instituto de Computacao - UNICAMP   voice: +55 19 788-5865
Av. Albert Einstein, 1251           mobile (cel): +55 19 9117-6351
caixa postal: 6176                  fax: +55 19 788-5847
13083-970  Campinas SP Brazil       http://www.dcc.unicamp.br/~paulo

Current thread:

w00giving #8] Solaris 2.7's snoop, (continued)
- w00giving #8] Solaris 2.7's snoop Aleph One (Dec 06)
  - Re: w00giving #8] Solaris 2.7's snoop Shane A. Macaulay (Dec 09)
  - Clarification needed on the snoop vuln(s) Alfred Huger (Dec 09)
- FTP denial of service attack Darren Reed (Dec 07)
  - Re: FTP denial of service attack Renaud Deraison (Dec 07)
    - FTP DoS - PORT and PASV effected. Darren Reed (Dec 07)
    - Re: FTP DoS - PORT and PASV effected. Henrik Nordstrom (Dec 09)
  - Re: FTP denial of service attack antirez () INVECE ORG (Dec 07)
  - Re: FTP denial of service attack Dustin Miller (Dec 07)
    - Re: FTP denial of service attack Hugo.van.der.Kooij () CAIW NL (Dec 08)
    - Re: FTP denial of service attack Paulo Licio de Geus (Dec 09)
    - [Debian] New version of htdig released Aleph One (Dec 10)
    - Fundamental flaw in UnixWare 7 security Brock Tellier (Dec 10)
    - Solaris sadmind Buffer Overflow Vulnerability Alfred Huger (Dec 10)
  - Re: FTP denial of service attack bert hubert (Dec 07)
    - Re: FTP denial of service attack antirez () INVECE ORG (Dec 09)
  - Re: FTP denial of service attack Henrik Nordstrom (Dec 07)
    - Re: FTP denial of service attack Darren Reed (Dec 07)
    - Re: FTP denial of service attack Henrik Nordstrom (Dec 07)
    - Re: FTP denial of service attack Darren Reed (Dec 07)
  - Re: FTP denial of service attack Theo de Raadt (Dec 07)

(Thread continues...)