Firewall Wizards mailing list archives
RE: Active to Passive FTP translator?
From: "Scott, Richard" <Richard.Scott () BestBuy com>
Date: Tue, 26 Nov 2002 09:35:46 -0600
I am just curious at the real threat of allowing non passive FTP connections from clients. Assume one has a system that wants to contact many FTP servers, and the system itself is not an FTP server. Given that the firewall should be restricting specific access to hosts, the only threat I can foresee are the following: (1) spoof the IP address of a trusted FTP server and allow for a correct timing of events to falsify data (2) Spoof the IP address, to send FTP commands back to the client in the hope there is a vulnerability in the client. (3) Compromise the FTP server and await ftp connection from client and then perform 2. Any other rsks? Cheers r. Richard Scott INFORMATION SECURITY Best Buy World Headquarters 7075 Flying Cloud Drive Eden Prairie, MN 55344 USA The views expressed in this email do not represent Best Buy or any of its subsidiaries _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Active to Passive FTP translator? Dawes, Rogan (ZA - Johannesburg) (Nov 25)
- Re: Active to Passive FTP translator? Mikael Olsson (Nov 25)
- Re: Active to Passive FTP translator? Magosányi Árpád (Nov 25)
- <Possible follow-ups>
- RE: Active to Passive FTP translator? Scott, Richard (Nov 26)
- Re: Active to Passive FTP translator? David Pick (Nov 26)
- Re: Active to Passive FTP translator? Mikael Olsson (Nov 26)
- Re: Active to Passive FTP translator? Mikael Olsson (Nov 27)