Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: ws_ftp pro 6.51 exposes internal IP addresses
From: Alun Jones <alun () TEXIS COM>
Date: Mon, 7 Aug 2000 14:23:26 -0000
I'd like to think
it isn't ipfilter just because other ftp clients do not 
exhibit this
behavior.


That ws_ftp pro is the only client you've experienced that 
shows you this problem is not of any interest.  WS_FTP Pro 
is not able to get any information that it isn't given by 
the server.  In this case, the server is passing out the 
internal IP address in its PASV response.  In fact, it's 
supposed to, if it supports PASV, and PASV is enabled.  
However, if you're trying to hide the network topology 
surrounding the server, then the NAT must be aware of, and 
act on, those protocols that expose IP addresses.  In this 
case, that protocol is FTP, and any well-written NAT should 
mask the address if configured to do so.

That the address is escaping in any manner whatsoever is 
indicative of a failure in the NAT, or its configuration, 
and not of a failure in the client.  WS_FTP Pro is doing 
exactly what it must as an FTP client.  You have not told 
us yet what other FTP clients you have been using - it's 
possible that those other clients didn't report the 
information to the user in a form you recognised, but I can 
guarantee you that if they use PASV, then they are getting 
an IP address from the server, passed through the NAT, just 
as WS_FTP Pro is.

Note finally, that if this were a problem with the client, 
you could have the manufacturers fix the client, and you 
would not have plugged the hole.  Any hacker could come in 
with a suitably old version of WS_FTP Pro, or write their 
own client that mimics its behaviour, and have access to 
exactly that same information.  The point where the hole 
needs to be fixed is the NAT - even if you cannot take my 
assurance that WS_FTP is doing nothing wrong, you should 
surely see that the only valid place to apply any fix would 
be at the FTP server or the NAT.  And, since it's the NAT's 
job to protect your local network topology, it's there 
where the fix must be made.

Alun Jones
~~~~~~~~~~

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]