~:This fact causes problems. Some application (for example ftp server in
~:passive mode or ftp client in active mode) use
~:listen(data, 1);
~:accept(data,...);
~:close(data);
~:to limit the number of incoming data connections to exactly one. If
~:second connection is not rejected it makes possible attack to inject
~:or intercept data between server and client as described in NAI
~:bulletin
That is a ftp daemon/client(depending whether it's an active or passive
mode), which should take care of accepting only single connection and only
from proper source (which is surprisely being ignored by some daemons,
such as ncftpd f.e.). However even ncftpd closes all the incoming
connections to the port once the first one has been accepted. Same goes
with my ftp client. (shipped r.h. 6.0). So I don't think there're any
security issues except syn-flooding, are involved here.
Received on Oct 30 1999
Intro
