Firewall Wizards mailing list archives

Re: OBSD reaction to CERT advisory

From: Darren Reed <darrenr () reed wattle id au>
Date: Fri, 11 Oct 2002 02:13:26 +1000 (EST)

In some email I received from Daniel Hartmeier, sie wrote:

On Thu, Oct 10, 2002 at 11:45:48PM +1000, Darren Reed wrote:

That brings me to another point, that was sorely missed in all the
public material I've seen so far, except maybe by Sun (and in the
wrong way) and that is you need a very special ftp daemon (i.e. not
any of the vendor ones I have tried) before it will stand a chance
of defeating IPFilter.


How about the NetBSD ftpd?

  $ telnet ftp.netbsd.org 21
  Trying 2001:4f8:4:b:2e0:81ff:fe21:6563...
  Connected to ftp.netbsd.org.
  Escape character is '^]'.
  220 ftp.netbsd.org FTP server (NetBSD-ftpd 20020615) ready.
  HELP 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
  502 Unknown command 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).

ip_fil3.4.29/ip_ftp_pxy.c ippr_ftp_pasv() accepts that, when I tickle
the server to retransmit the "227 ..." part, no?

From a trace when I was doing testing:

...
Sep  2 01:35:38 openbsd /bsd: IN: 18 seq 44054f9b/0 ack a9/0 len 68
Sep  2 01:35:38 openbsd /bsd: sel 0 seqmin 0/0 offset 0/0
Sep  2 01:35:38 openbsd /bsd: sel 0 ackmin 0/0 offset 0/0
Sep  2 01:35:38 openbsd /bsd: rv 1 t:seq[0] a9 seq[1] a9 0/0
Sep  2 01:35:38 openbsd /bsd: ftps_seq[1] = 44054fdf inc 0 len 68
Sep  2 01:35:38 openbsd /bsd: appr_fixseqack: seq 44054f9b ack a9

Sep  2 01:35:38 openbsd /bsd: OUT: 10 seq a9/0 ack 44054f9f/0 len 0
Sep  2 01:35:38 openbsd /bsd: sel 0 seqmin 0/0 offset 0/0
Sep  2 01:35:38 openbsd /bsd: sel 0 ackmin 0/0 offset 0/0
Sep  2 01:35:38 openbsd /bsd: rv 0 t:seq[0] 44054f9b seq[1] 44054fdf 0/0
Sep  2 01:35:38 openbsd /bsd: not  ok
Sep  2 01:35:38 openbsd /bsd: proxy says bad packet received

The FTP proxy in 3.4.29 does not support partial resending of segments
(or at least did not appear to in my testing :-).  RTFS.

Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

OBSD reaction to CERT advisory Paul D. Robertson (Oct 09)
- Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 09)
  - Re: OBSD reaction to CERT advisory Paul Robertson (Oct 09)
    - Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 09)
    - Re: OBSD reaction to CERT advisory Darren Reed (Oct 09)
    - Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 10)
    - Re: OBSD reaction to CERT advisory Darren Reed (Oct 10)
    - Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 10)
    - Re: OBSD reaction to CERT advisory Darren Reed (Oct 10)