Firewall Wizards mailing list archives

Re: OBSD reaction to CERT advisory


From: Daniel Hartmeier <daniel () benzedrine cx>
Date: Thu, 10 Oct 2002 09:20:07 +0200

On Thu, Oct 10, 2002 at 10:48:00AM +1000, Darren Reed wrote:

> > If anyone fancies a little
> > competition, set up an ftp server behind an IPFilter firewall. Allow me
> > to connect to the ftp server (using passive mode, so the in-kernel ftp
> > proxy allows incoming ftp data connections). Set up a fake target, like
> > an echo "secret" inetd.conf entry, and absolutely filter any access to
> > that port on the firewall. If I can connect to that port and get the
> > secret, I win. How much are you betting?
>
> How much are you prepared to lose?

Let's say USD 500? We'd need a fair judge to set up the firewall and ftp
server, I guess that takes about an hour or so of work. We could both
escrow the amount to the judge (wire, paypal, whatever). If, after a
defined period of time (say, three days), I can provide the secret to
the judge, I win. Otherwise I lose. If the judge is willing to provide
his/her services for free, the winner takes both bets, otherwise we
could agree that the judge gets the loser's share and the winner just
gets his money back, plus public statements acknowledging the results
from the judge and the opponent.

If you have any specific rules you want to add, please do so. Agree that
IPFilter of any recent version, on any OS it runs on, in either bridging
or IP forwarding mode can be used?

Maybe Paul is willing to act as judge? How high would the bet have to be
to justify providing the firewall and ftp server? Otherwise, is anyone
else interested?

Mikael, can you recommend a suitable OS and ftp daemon combination that
allows testing (the ftp server has commands that quote queries in the
needed way and the OS' stack does partial retransmissions)?

Daniel
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

