mailing list archives
Re: FireWall-1 FTP Server Vulnerability
From: nick () VIRUS-L DEMON CO UK (Nick FitzGerald)
Date: Thu, 17 Feb 2000 23:36:47 +1200
Even with the best firewall in the world, I'm pretty convinced that
you need an ftp server that implements the FTP protocol correctly
before you have a hope of handling PASV correctly.
Which is a different way of making the point Greg Hoglund did in a
recent-ish ntbugtraq post (Subject: Crappy code is crappy code ...)
that a firewall has an icicle's chance in hell of adequately
mimicking a system it is supposed to protect if it does so purely on
the assumption that the code it is protecting works "correctly" by
the firewall developer's interpretation of "correct".