Penetration Testing mailing list archives
Re: FTP Window of opportunity?
From: Anders Thulin <Anders.Thulin () tietoenator com>
Date: Wed, 24 Mar 2004 10:36:48 +0100
C Ryll wrote:
> However, as I said previously, seeing that it actually says "Connected", and then hangs for about 10 seconds before terminating:
> 1). Can I use this behavior to my advantage somehow? If yes, how?
> 2). Is there a known explanation to this?

As you don't say what platform you're using, or what particular FTP client, I can only guess. My guess is that what you see is client behaviour, not necessarily connected to actual FTP connectivity. (Perhaps the client writes 'Connected...', then tries to connect, and when it times out, writes 'Connection terminated' even though there never was a connection established in the first place.)

Try using netcat (nc) if you have it. It doesn't add any output that may be confusing: if it finds an FTP server, you'll get the banner line sent by the server -- if it cannot connect it will terminate. If there's any FTP proxy activity involved, it won't show it, though.

To be 100% certain, take a look at the actual FTP traffic with a sniffer. This is probably the safest thing, as you'll see everything that goes on, including any proxy behaviour (say, outside opens FTP connection speculatively, only to close it later when the inside doesn't want to play along.)

Since nmap doesn't see an FTP server (recent version of nmap, default scan, no fancy options?), chances are pretty good there is nothing to see, though.

--
Anders Thulin anders.thulin () tietoenator com 040-661 50 63
TietoEnator Telecom & Media AB, Box 85, SE-201 20 Malmö
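
The raw-connection check suggested in the reply above, written out as an added example that is not part of Anders Thulin's message: it reports what the TCP connection itself did, with no text invented by a client. The names `probe_ftp`, `loopback_listener` and `demo`, the state labels, and the loopback banner are assumptions constructed for this illustration.

```python
import socket
import threading

def probe_ftp(host, port=21, timeout=5.0):
    """One raw TCP probe; returns (state, detail) with no client-added text."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "nothing is listening on the port")
    except OSError as exc:  # includes timeouts and unreachable hosts
        return ("no-answer", str(exc) or "connect timed out")
    with sock:
        try:
            data = sock.recv(1024)
        except socket.timeout:
            return ("open-silent", "handshake completed, no banner before timeout")
        except ConnectionResetError:
            return ("closed-silently", "connection reset before any banner")
    if not data:
        return ("closed-silently", "peer accepted, then closed without a banner")
    # An FTP server greets first; keep only the first reply line (e.g. "220 ...").
    return ("banner", data.split(b"\r\n", 1)[0].decode("ascii", "replace"))

def loopback_listener(banner):
    """Constructed test peer on 127.0.0.1: sends `banner` (if any), then closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Probe a greeting listener and one that accepts and hangs up silently."""
    real = loopback_listener(b"220 constructed example FTP server ready\r\n")
    silent = loopback_listener(None)
    return probe_ftp("127.0.0.1", real, 2.0), probe_ftp("127.0.0.1", silent, 2.0)

if __name__ == "__main__":
    for state, detail in demo():
        print(state, "-", detail)
```

A `closed-silently` or `open-silent` result means something completed the handshake without ever speaking FTP; a packet capture, as the reply recommends, is what shows which device that was.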