Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_4

Bugtraq archives for 4th quarter (Oct-Dec) 1997: Re: CERT Advisory CA-97.27 - FTP_bounce

Re: CERT Advisory CA-97.27 - FTP_bounce

Barry Irwin (balinrucus.ru.ac.za)
Fri, 12 Dec 1997 11:00:25 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alfred Huger: "Re: CERT Advisory CA-97.27 - FTP_bounce"
Previous message: Kev: "Re: CERT Advisory CA-97.27 - FTP_bounce"
In reply to: Aleph One: "Re: CERT Advisory CA-97.27 - FTP_bounce"
Next in thread: Alfred Huger: "Re: CERT Advisory CA-97.27 - FTP_bounce"

Aleph One
>   Note that this has been discussed a long time ago. I approved it becuse
> it is still an issue. For a nice recount of both active and passive attack
> read Secure Networks paper "Some problems with the File Transfer Protocol,
> a failure of common implementations, and suggestions for repair" at
> http://www.secnet.com/papers/ftp-paper.html

For those of you wanting to test this problem have a look at
http://www.rootshell.com/hacking/ftpBounceAttack

Barry


--

--
"Ground Control to Major Tom; your circuits dead, there is something wrong.."
------------------------------------------------------------------------------
Barry Irwin  aka Big Bastard From Hell
bvirucus.ru.ac.za                       http://rucus.ru.ac.za/~bvi
bbfhcoredump.bofh.org.za                http://coredump.bofh.org.za
-------------------------------------------------------------------------------

Next message: Alfred Huger: "Re: CERT Advisory CA-97.27 - FTP_bounce"
Previous message: Kev: "Re: CERT Advisory CA-97.27 - FTP_bounce"
In reply to: Aleph One: "Re: CERT Advisory CA-97.27 - FTP_bounce"
Next in thread: Alfred Huger: "Re: CERT Advisory CA-97.27 - FTP_bounce"