Firewall Wizards mailing list archives

FTP Security
From: "Marcelo Barbosa Lima" <marcelo.lima () dcc unicamp br>
Date: Tue, 4 May 1999 13:55:04 -0300



  Hi folks,
 
        I was reading one paper about security problems in FTP and did not
 understand this:
 
    "When the data transfers are done in
    active mode, the attacker guesses the number of the TCP port where the
    target client will be doing a listen. He or she then repeatedly sends
    the ftp server to which the client is connected the commands PORT
    ip,of,client,machine,port,port RETR filename or STOR filename.
 
    Using RETR if he wishes to replace data transmitted to the client, and
    STOR if he is trying to intercept data the client would send to the
    server. "
 
    Do you agree with this? Well, I saw that the client sends his port
 number across the control connection using the PORT command. How can the
 attacker send (repeatedly) PORT commands to the FTP server if he or she
 doesn't know the TCP sequence numbers of the control connection between
 client and server? Another question is: how can the attacker know about
 the control connections in a particular FTP server? Netstat? I like your
 solutions for these problems! Sorry for my poor English :-).
 
 Thanks and Regards!
 
 
                                Marcelo B. Lima 
                                        marcelo.lima () dcc unicamp br
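
An added example, not part of the original message or the quoted paper: a server-side check that refuses PORT arguments naming a host other than the control connection's peer, or a port below 1024 (the restrictions RFC 2577 recommends), run over constructed control-session events. It assumes the PORT commands in question arrive on a control connection other than the client's own; the function names, addresses and events are made up for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample: (control-connection peer address, command line received)
EVENTS = [
    ("192.0.2.10", "PORT 192,0,2,10,4,1"),    # client names its own address
    ("192.0.2.10", "RETR report.txt"),
    ("198.51.100.7", "PORT 192,0,2,10,4,2"),  # another peer names the client
    ("198.51.100.7", "RETR report.txt"),
    ("198.51.100.7", "PORT 192,0,2,10,4,3"),
    ("198.51.100.7", "STOR report.txt"),
    ("192.0.2.10", "PORT 192,0,2,10,0,21"),   # own address, reserved port
]

def parse_port_arg(arg):
    """Decode the RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        raise ValueError("PORT argument must be six decimal fields")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range 0-255")
    # The port is sent as two bytes, high byte first.
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]

def check_port(peer_ip, arg):
    """Decide, before any data connection is opened, whether to honour PORT."""
    try:
        ip, port = parse_port_arg(arg)
    except ValueError:
        return False, "malformed"
    if ip != ipaddress.IPv4Address(peer_ip):
        return False, "third-party address"
    if port < 1024:
        return False, "reserved port"
    return True, "ok"

def flag_sessions(events):
    """Count refused PORT commands per (peer, reason) for alerting."""
    hits = Counter()
    for peer, line in events:
        verb, _, arg = line.partition(" ")
        if verb.upper() == "PORT":
            allowed, reason = check_port(peer, arg)
            if not allowed:
                hits[(peer, reason)] += 1
    return dict(hits)

if __name__ == "__main__":
    for key, count in flag_sessions(EVENTS).items():
        print(key, count)
```

Repeated refusals from one peer, as in the second session of the sample, are the pattern worth alerting on.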
 
 
 


