Bugtraq mailing list archives
Re: Update: Extending the FTP "ALG" vulnerability to any FTP client
From: Hugo.van.der.Kooij () CAIW NL (Hugo.van.der.Kooij () CAIW NL)
Date: Wed, 22 Mar 2000 23:55:59 +0100
On Tue, 21 Mar 2000, Paul Cardon wrote:
> Lars.Troen () MERKANTILDATA NO wrote:
> > With Firewall-1 all ports defined in the /etc/services file will be denied connections to during an ftp session. This is defined in the file base.def as follows:
> >
> > // ports which are dangerous to connect to
> > #define NOTSERVER_TCP_PORT(p) { (not ( ( p in tcp_services, set sr10 RCODE_TCP_SERV, set sr11 0, set sr12 p, set sr1 0, log bad_conn)
>
> Actually, the /etc/services file has nothing to do with it. All services of type TCP _defined_within_FW-1_ are added to the tcp_services table used in the macro listed above. A default FW-1 install will include a certain number of these but the list changes with the addition or removal of TCP service definitions in the rule base. The behavior of the inspect code can also be modified to make it as strict or open as desired.
The services list is actually the list of services defined in the objects.C file. The services do NOT need to be defined in any rulebase.

Hugo.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
hvdkooij () caiw nl    http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Use of any of my email addresses for unsolicited (commercial) email is a clear intrusion of my privacy and illegal!
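A simplified model of the check discussed in this thread, added here as an illustration. It is not Check Point's INSPECT code and not from any poster. The table contents, function names and sample commands are constructed assumptions; the example shows that the same PORT command is accepted or refused depending only on which TCP services are currently defined.

```python
import re

# Constructed stand-in for the firewall's tcp_services table: ports of the
# TCP services currently defined in its object database (values illustrative).
DEFAULT_TCP_SERVICES = frozenset({21, 23, 25, 80, 110, 143, 443})

PORT_RE = re.compile(
    r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})",
    re.IGNORECASE,
)


def parse_port_command(line):
    """Return (ip, port) from an FTP PORT command, or None if malformed."""
    m = PORT_RE.fullmatch(line.strip())
    if m is None:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None
    ip = ".".join(str(o) for o in octets[:4])
    return ip, octets[4] * 256 + octets[5]  # port = p1*256 + p2


def check_data_channel(line, tcp_services=DEFAULT_TCP_SERVICES):
    """Model of the 'dangerous port' test: refuse a data connection to any
    port that belongs to a defined TCP service, and report why."""
    parsed = parse_port_command(line)
    if parsed is None:
        return ("drop", None, "malformed PORT command")
    _ip, port = parsed
    if port in tcp_services:
        return ("drop", port, "bad_conn: port belongs to a defined service")
    return ("accept", port, "port not in tcp_services")


if __name__ == "__main__":
    # Constructed control-channel lines: port 25, port 8080, invalid octet.
    samples = ["PORT 10,0,0,5,0,25\r\n", "PORT 10,0,0,5,31,144\r\n",
               "PORT 10,0,0,5,999,1\r\n"]
    for s in samples:
        print(repr(s), "->", check_data_channel(s))
    # Defining a service on 8080 extends the table; the same command is now refused.
    print(check_data_channel(samples[1], DEFAULT_TCP_SERVICES | {8080}))
```

A port that hosts a listener but has no service definition in the table passes this test, which is why the contents of the table matter when reviewing the configuration.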