Vulnerability Development mailing list archives
Re: FreeBSD listen()
From: scut () NB IN-BERLIN DE (Sebastian)
Date: Fri, 5 Nov 1999 15:23:35 +0100
On Sun, 31 Oct 1999, CyberPsychotic wrote: Hi.
for me just fine), I just got points that ftp daemon should do appropriate things instead. :)) Quite humorous but looks like ftp developers would claim that not their code, but kernel should take care of the solution to the problem.. oh well, that is life :)
It may not be as easy as it looks. If you just go for "ftp daemon should check source IP address of the data transfer", it would have the following consequences:

- effectively proxy ftp transfers are denied, since the source IP is not the one of the client but the one of the remote ftp server
- you'd get problems when using ftp bouncers or ftp bounce networks (such as bnc4all http://bnc4all.ftp4all.de/, redirect4all or the rftpd bouncer)
- it might confuse load balancing application layer gateways
- RFC 959 doesn't mention source IP checking anywhere, therefore it would be a doubtable self-made add-on

On the other hand random ports chosen by the server violate the RFC, too: "Every FTP implementation must support the use of the default data ports, and only the USER-PI can initiate a change to non-default ports."
-Fyodor
ciao,
scut / team teso
[http://teso.scene.at/]

-- - scut () nb in-berlin de - http://nb.in-berlin.de/scut/ - - http://nb.in-berlin.de/scut/ - sacbuctd@ircnet --
-- you don't need a lot of people to be great, you need a few great to be --
-- the best -----------------------------------------------------------------
--- nuclear arrival weapon spy agent remain undercover, hi echelon ----------
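
The source-IP check discussed in the message above, as an added example that is not part of the original post or of any FTP daemon's code: it compares the control connection's peer with the data connection's peer and shows that a strict policy rejects a proxy (server-to-server) transfer. The names `check_data_peer`, `allow_proxy`, `peer_t`, `v4` and the verdict values are assumptions, and the addresses are constructed documentation-range samples.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
typedef struct sockaddr_storage peer_t;
enum data_verdict { DATA_OK, DATA_FOREIGN_ALLOWED, DATA_REJECT }; /* hypothetical */

/* Compare addresses only: the data connection's port always differs. */
static int same_host(const peer_t *a, const peer_t *b)
{
    if (a->ss_family != b->ss_family) return 0;
    if (a->ss_family == AF_INET)
        return ((const struct sockaddr_in *)a)->sin_addr.s_addr ==
               ((const struct sockaddr_in *)b)->sin_addr.s_addr;
    if (a->ss_family == AF_INET6)
        return memcmp(&((const struct sockaddr_in6 *)a)->sin6_addr,
                      &((const struct sockaddr_in6 *)b)->sin6_addr,
                      sizeof(struct in6_addr)) == 0;
    return 0;
}

/* ctrl_peer from getpeername(), data_peer from accept(); allow_proxy assumed. */
enum data_verdict check_data_peer(const peer_t *ctrl_peer,
                                  const peer_t *data_peer, int allow_proxy)
{
    if (same_host(ctrl_peer, data_peer))
        return DATA_OK;
    return allow_proxy ? DATA_FOREIGN_ALLOWED : DATA_REJECT;
}

/* Build a constructed IPv4 peer address (sample data for the demo). */
peer_t v4(const char *ip, unsigned short port)
{
    peer_t ss;
    struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
    memset(&ss, 0, sizeof ss);
    sin->sin_family = AF_INET;
    sin->sin_port = htons(port);
    inet_pton(AF_INET, ip, &sin->sin_addr);
    return ss;
}

int main(void)
{
    peer_t ctrl = v4("192.0.2.10", 40000), fxp = v4("198.51.100.7", 20);
    printf("strict=%d proxy=%d\n", check_data_peer(&ctrl, &fxp, 0),
           check_data_peer(&ctrl, &fxp, 1));
    return 0;
}
```

A daemon that returns `DATA_FOREIGN_ALLOWED` would normally log the mismatch, so that proxy transfers stay possible while unexpected data peers remain visible.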