Home page logo

bugtraq logo Bugtraq mailing list archives

Re: FireWall-1 FTP Server Vulnerability
From: core.lists.bugtraq () CORE-SDI COM (Emiliano Kargieman)
Date: Fri, 18 Feb 2000 19:19:05 -0300

Mikael Olsson wrote:

The only solution that even begins to look "good" is to
completely reassemble the TCP stream and not make "educated"
guesses about what packet data belongs on what line and in
which order and state of the FTP protocol.

It doesn't have to be a "proxy" in order to do this, I think.
You DO need to reassemble the stream completely though.

Of course, reassembling the TCP stream without proxing is bound to give you
some headaches too, remember "Insertion, Evasion and D.O.S"?


Emiliano Kargieman <ek () core-sdi com>
Director de Investigacion - CoreLabs - Core-SDI S.A.

"At any rate, let us not loiter in the arena of hot events."
                                            Tom Robbins, ARA.

--- For a personal reply use emiliano_kargieman () core-sdi com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]