Re: CERT Advisory CA-97.27 - FTP_bounce

Barry Irwin (balin@rucus.ru.ac.za)
Fri, 12 Dec 1997 11:00:25 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alfred Huger: "Re: CERT Advisory CA-97.27 - FTP_bounce"
Previous message: Kev: "Re: CERT Advisory CA-97.27 - FTP_bounce"
Maybe in reply to: Aleph One: "CERT Advisory CA-97.27 - FTP_bounce"
Next in thread: Alfred Huger: "Re: CERT Advisory CA-97.27 - FTP_bounce"

Aleph One
> Note that this has been discussed a long time ago. I approved it becuse
> it is still an issue. For a nice recount of both active and passive attack
> read Secure Networks paper "Some problems with the File Transfer Protocol,
> a failure of common implementations, and suggestions for repair" at
> http://www.secnet.com/papers/ftp-paper.html

For those of you wanting to test this problem have a look at
http://www.rootshell.com/hacking/ftpBounceAttack

Barry

--
"Ground Control to Major Tom; your circuits dead, there is something wrong.."
------------------------------------------------------------------------------
Barry Irwin  aka Big Bastard From Hell
bvi@rucus.ru.ac.za                       http://rucus.ru.ac.za/~bvi
bbfh@coredump.bofh.org.za                http://coredump.bofh.org.za
-------------------------------------------------------------------------------

Next message: Alfred Huger: "Re: CERT Advisory CA-97.27 - FTP_bounce"
Previous message: Kev: "Re: CERT Advisory CA-97.27 - FTP_bounce"
Maybe in reply to: Aleph One: "CERT Advisory CA-97.27 - FTP_bounce"
Next in thread: Alfred Huger: "Re: CERT Advisory CA-97.27 - FTP_bounce"