mailing list archives
Re: FireWall-1 FTP Server Vulnerability
From: dugsong () MONKEY ORG (Dug Song)
Date: Fri, 18 Feb 2000 23:27:26 -0500
On Fri, 18 Feb 2000, Mikael Olsson wrote:
The only solution that even begins to look "good" is to completely
reassemble the TCP stream and not make "educated" guesses about what
packet data belongs on what line and in which order and state of the
inspecting TCP application data within individual IP packets is a basic
layer violation. network IDSs also suffer from this problem, only worse.
fragrouter demonstrates this nicely.
reassembling the TCP stream will only get you so far - your proxy still
needs to actually implement the application protocol correctly. i'm
releasing a 'fragproxy' tool soon to demonstrate this.
but for now, an ObLameExploit: