Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FreeBSD listen()

From: scut () NB IN-BERLIN DE (Sebastian)
Date: Fri, 5 Nov 1999 15:23:35 +0100

On Sun, 31 Oct 1999, CyberPsychotic wrote:

Hi.


for me just fine), I just got points that ftp daemon should do appropriate
things instead. :)) Quite humorous but looks like ftp developers would
claim that not their code, but kernel should take care of the solution to
the problem.. oh well, that is life :)


It may not be as easy as it looks. If you just go for "ftp daemon should
check source IP address of the data transfer", it would have the following
consequences:

   - effectivly proxy ftp transfers are denied, since the source IP is not
     the one of the client but the one of the remote ftp server
   - you'd get problems when using ftp bouncers or ftp bounce networks
     (such as bnc4all http://bnc4all.ftp4all.de/, redirect4all or the
     rftpd bouncer)
   - it might confuse load balancing application layer gateways
   - RFC 959 doesn't mention source IP checking anywhere, therefore it
     would be a doubtable selfmade addon

On the other hand random ports choosen by the server violate the RFC, too:
"Every FTP implementation must support the use of the default data ports,
and only the USER-PI can initiate a change to non-default ports."


-Fyodor


ciao,
scut / team teso
[http://teso.scene.at/]

--
- scut () nb in-berlin de - http://nb.in-berlin.de/scut/ -  - http://nb.in-berlin.de/scut/ - sacbuctd@ircnet  --
-- you don't need a lot of people to be great, you need a few great to be --
-- the best -----------------------------------------------------------------
--- nuclear arrival weapon spy agent remain undercover, hi echelon ----------
Previous By Date Next
Previous By Thread Next

Current thread: