|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: FreeBSD listen()
CyberPsychotic (fygrave
SCORPIONS.NET)
Thu, 28 Oct 1999 04:12:14 +0600
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: David Schwartz: "Re: FreeBSD listen()"
- Previous message: Thomas Dullien: "Possibly exploitable overflow in Alibaba 2.0"
- Next in thread: 3APA3A: "Re: FreeBSD listen()"
- Next in thread: David Schwartz: "Re: FreeBSD listen()"
- Reply: 3APA3A: "Re: FreeBSD listen()"
- Reply: Matthew S. Hallacy: "Re: FreeBSD listen()"
~ :This fact causes problems. Some application (for example ftp server in
~ :passive mode or ftp client in active mode) use
~ :listen(data, 1);
~ :accept(data,...);
~ :close(data);
~ :to limit the number of incoming data connections to exactly one. If
~ :second connection is not rejected it makes possible attack to inject
~ :or intercept data between server and client as described in NAI
~ :bulletin
That is a ftp daemon/client(depending whether it's an active or passive
mode), which should take care of accepting only single connection and only
from proper source (which is surprisely being ignored by some daemons,
such as ncftpd f.e.). However even ncftpd closes all the incoming
connections to the port once the first one has been accepted. Same goes
with my ftp client. (shipped r.h. 6.0). So I don't think there're any
security issues except syn-flooding, are involved here.
- Next message: David Schwartz: "Re: FreeBSD listen()"
- Previous message: Thomas Dullien: "Possibly exploitable overflow in Alibaba 2.0"
- Next in thread: 3APA3A: "Re: FreeBSD listen()"
- Next in thread: David Schwartz: "Re: FreeBSD listen()"
- Reply: 3APA3A: "Re: FreeBSD listen()"
- Reply: Matthew S. Hallacy: "Re: FreeBSD listen()"
This archive was generated by hypermail 2.0b3 on Sat Oct 30 1999 - 16:08:53 CDT