Re: CERT Advisory CA-97.27 - FTP_bounce

Alfred Huger (ahuger@SECURENETWORKS.COM)
Fri, 12 Dec 1997 12:10:03 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Wilton Wong - ListMail: "Buffer Overruns in RedHat 5.0"
Previous message: Barry Irwin: "Re: CERT Advisory CA-97.27 - FTP_bounce"
Maybe in reply to: Aleph One: "CERT Advisory CA-97.27 - FTP_bounce"

> For those of you wanting to test this problem have a look at
> http://www.rootshell.com/hacking/ftpBounceAttack
>

The FTP bounce attack as some people here have already noted, is quite
old.

A paper which has not been mentioned is one written by Hobbit which is
available at ftp://ftp.avian.org/random/ftp-attack . Hobbit documented
and wrote fixes for this problem quite some time ago. In fact, I believe
this was the first paper really describing the problem and Hobbit may very
well have been the one to discover it, although of this I am not sure.

In any event, the paper is very succinct and goes a long way towards
explaining the problem at length as well as showing how intruders etc. may
use it.

/****************************************************************************
Alfred Huger http://www.secnet.com/ballista
Project Director ahuger@secnet.com
Secure Networks Inc. (SNI)
*****************************************************************************/

Next message: Wilton Wong - ListMail: "Buffer Overruns in RedHat 5.0"
Previous message: Barry Irwin: "Re: CERT Advisory CA-97.27 - FTP_bounce"
Maybe in reply to: Aleph One: "CERT Advisory CA-97.27 - FTP_bounce"