mailing list archives
Re: FireWall-1 FTP Server Vulnerability
From: core.lists.bugtraq () CORE-SDI COM (Emiliano Kargieman)
Date: Fri, 18 Feb 2000 19:19:05 -0300
Mikael Olsson wrote:
The only solution that even begins to look "good" is to
completely reassemble the TCP stream and not make "educated"
guesses about what packet data belongs on what line and in
which order and state of the FTP protocol.
It doesn't have to be a "proxy" in order to do this, I think.
You DO need to reassemble the stream completely though.
Of course, reassembling the TCP stream without proxing is bound to give you
some headaches too, remember "Insertion, Evasion and D.O.S"?
Emiliano Kargieman <ek () core-sdi com>
Director de Investigacion - CoreLabs - Core-SDI S.A.
"At any rate, let us not loiter in the arena of hot events."
Tom Robbins, ARA.
--- For a personal reply use emiliano_kargieman () core-sdi com