Bugtraq: Re: ftpd: the advisory version

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: ftpd: the advisory version

From: djb () CR YP TO (D. J. Bernstein)
Date: Thu, 6 Jul 2000 18:20:14 -0000


monti writes:

*allowing* other than src-20 active data connections through a firewall,


Why are you allowing PORT-style FTP through your firewall? See RFC 1579.
Can I scan port 6000 on your hosts if I set my source port to 20?

Netscape uses PASV. The OpenBSD ftp client uses PASV. The Linux ftp
client uses PASV if you give it the -p option. Internet Explorer uses
PASV. What makes you think that requiring PASV will noticeably increase
the level of user annoyance at your firewall?

---Dan

By Date By Thread

Current thread:

Conclusion to recent working WuFTPD Exploits, (continued)
- Conclusion to recent working WuFTPD Exploits Eric Hines (Jul 05)
- Re: ftpd: the advisory version Carson Gaspar (Jun 30)
  - Re: ftpd: the advisory version Mike Gleason (Jul 02)
  - [RHSA-2000:016-03] Multiple local imwheel vulnerabilities bugzilla () REDHAT COM (Jul 03)
  - Re: ftpd: the advisory version monti (Jul 05)
    - Re: ftpd: the advisory version D. J. Bernstein (Jul 06)
    - Re: ftpd: the advisory version monti (Jul 07)
    - Re: ftpd: the advisory version Mikael Olsson (Jul 07)
    - Re: ftpd: the advisory version David Maxwell (Jul 07)
    - Re: ftpd: the advisory version D. J. Bernstein (Jul 10)
    - Re: ftpd: the advisory version Richard Rager (Jul 11)