Re: CERT Advisory CA-97.27 - FTP_bounce

Alfred Huger (ahuger@SECURENETWORKS.COM)
Fri, 12 Dec 1997 12:10:03 -0700

> For those of you wanting to test this problem have a look at

The FTP bounce attack as some people here have already noted, is quite

A paper which has not been mentioned is one written by Hobbit which is
available at . Hobbit documented
and wrote fixes for this problem quite some time ago. In fact, I believe
this was the first paper really describing the problem and Hobbit may very
well have been the one to discover it, although of this I am not sure.

In any event, the paper is very succinct and goes a long way towards
explaining the problem at length as well as showing how intruders etc. may
use it.

Alfred Huger
Project Director
Secure Networks Inc. (SNI)