Firewall Wizards mailing list archives
Re: OBSD reaction to CERT advisory
From: Daniel Hartmeier <daniel () benzedrine cx>
Date: Thu, 10 Oct 2002 09:20:07 +0200
On Thu, Oct 10, 2002 at 10:48:00AM +1000, Darren Reed wrote:
If anyone fancies a little competition, set up an ftp server behind an IPFilter firewall. Allow me to connect to the ftp server (using passive mode, so the in-kernel ftp proxy allows incoming ftp data connections). Setup a fake target, like an echo "secret" inetd.conf entry, and absolutely filter any access to that port on the firewall. If I can connect to that port and get the secret, I win. How much are you betting?How much are you prepared to lose ?
Let's say USD 500? We'd need a fair judge to set up the firewall and ftp server, I guess that takes about an hour or so of work. We could both escrow the amount to the judge (wire, paypal, whatever). If, after a defined period of time (say, three days), I can provide the secret to the judge, I win. Otherwise I lose. If the judge is willing to provide his/her services for free, the winner takes both bets, otherwise we could agree that the judge gets the loser's share and the winner just gets his money back, plus public statements acknowledging the results from the judge and the opponent. If you have any specific rules you want to add, please do so. Agree that IPFilter of any recent version, on any OS it runs on, in either bridging or IP forwarding mode can be used? Maybe Paul is willing to act as judge? How high would the bet have to be to justify providing the firewall and ftp server? Otherwise, is anyone else interested? Mikael, can you recommend a suitable OS and ftp daemon combination that allows testing (the ftp server has commands that quote queries in the needed way and the OS' stack does partial retransmissions)? Daniel _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- OBSD reaction to CERT advisory Paul D. Robertson (Oct 09)
- Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 09)
- Re: OBSD reaction to CERT advisory Paul Robertson (Oct 09)
- Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 09)
- Re: OBSD reaction to CERT advisory Darren Reed (Oct 09)
- Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 10)
- Re: OBSD reaction to CERT advisory Darren Reed (Oct 10)
- Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 10)
- Re: OBSD reaction to CERT advisory Darren Reed (Oct 10)
- Re: OBSD reaction to CERT advisory Paul Robertson (Oct 09)
- Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 09)