[3909] in WWW Security List Archive
Re: gopher
daemon@ATHENA.MIT.EDU (Benjamin Camp)
Sat Dec 28 04:26:08 1996
Date: Sat, 28 Dec 1996 01:16:26 -0600 (CST)
From: Benjamin Camp <benc@geocel.com>
To: Helen Reilly <aisecur!HReilly@bpd.treas.gov>
cc: firewalls@greatcircle.com, www-security@ns2.rutgers.edu
In-Reply-To: <2C42D550.1917@smtpgate.bpd.treas.gov>
Errors-To: owner-www-security@ns2.rutgers.edu

Well, I posted this awhile back.. but nobody really cared. Gopher can
proxy FTP so if you only have gopher access you can access files on an
FTP site. This is bad in that you can anonymously bounce through gopher
servers to appear you are coming from X country which is not allowed to
receive Y product.

But, your question is not dumb at all. I'm not sure which all gopher
servers support the FTP proxy, but apparently a lot of them do. I have in
the past while forgotten the exact syntax to proxy to an FTP site through
gopher, but it's by no means difficult. On the servers I tested it on,
there was no screening of which FTP servers I could get to. So another
obvious problem is Gopher <-> Firewall <-> Network FTP Server.. where the
gopher site can access the FTP server that the internet cannot. I do not
believe there is a way to post on gopher, but there possibly might be
(someone who knows more about port 70 will have to take over at this point).

Ben Camp

On Fri, 27 Dec 1996, Helen Reilly wrote:
> Hi,
>
> I'm pretty new to web security and this is probably a "dumb"
> question. BUT...I would appreciate any help. I have a ftp
> site running under NT 4.0 and using IIS 2.0. I have recently
> started seeing the following messages in my logfiles. Should
> I be concerned? How are what looks like gopher commands being
> executed over ftp ports to the ftp server?
>
> Thanks in advance.
>
> Helen
>
>
> The log follows, (edited)
>
> xxx.xxx.xxx.xxx, anonymous, 12/25/96, 20:16:07, MSFTPSVC, FTP, -, 0,
> 16, 0, 0, 0, [1129] USER , anonymous, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:07, MSFTPSVC, FTP, -, 0,
> 15, 0, 0, 0, [1129] PASS , harvest@, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:08, MSFTPSVC, FTP, -, 0,
> 46, 0, 0, 2, [1129] sent , /, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:08, MSFTPSVC, FTP, -, 0,
> 19, 0, 0, 2, [1129] sent , /README, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:08, MSFTPSVC, FTP, -, 0,
> 18, 0, 0, 0, [1129] QUIT , -, -,
>
> xxx.xxx.xxx.xxx, anonymous, 12/25/96, 20:16:12, MSFTPSVC, FTP, -, 0,
> 16, 0, 0, 0, [1130] USER , anonymous, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:12, MSFTPSVC, FTP, -, 10,
> 15, 0, 0, 0, [1130] PASS , harvest@, -,
>
> xxx.xxx.xxx.xxx, anonymous, 12/25/96, 20:16:12, MSFTPSVC, FTP, -, 0,
> 16, 0, 0, 0, [1131] USER , anonymous, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:12, MSFTPSVC, FTP, -, 0,
> 15, 0, 0, 0, [1131] PASS , harvest@, -,
>
> xxx.xxx.xxx.xxx, anonymous, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 16, 0, 0, 0, [1132] USER , anonymous, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 15, 0, 0, 0, [1132] PASS , harvest@, -,
>
> xxx.xxx.xxx.xxx, anonymous, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 16, 0, 0, 0, [1133] USER , anonymous, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 109, 0, 0, 2, [1130] sent , /internal-gopher-binary, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 15, 0, 0, 0, [1133] PASS , harvest@, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 34, 0, 0, 0, [1130] QUIT , -, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 103, 0, 0, 2, [1131] sent , /internal-gopher-text, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 112, 0, 0, 2, [1132] sent , /internal-gopher-unknown, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 32, 0, 0, 0, [1131] QUIT , -, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 35, 0, 0, 0, [1132] QUIT , -, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 106, 0, 0, 2, [1133] sent , /internal-gopher-image, -,
>
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 33, 0, 0, 0, [1133] QUIT , -, -,
>
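
One way to triage a log like the one quoted above, as an added example that is not part of either message: it re-joins the wrapped, ">"-quoted records, groups them by the bracketed session number, and returns the sessions that requested `/internal-gopher-*` paths together with the anonymous password they sent. The field positions (15 comma-separated fields, operation in field 13, target in field 14) are read off the quoted lines and are an assumption about the format; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the records quoted in the post, still wrapped and ">"-quoted.
SAMPLE = """\
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:07, MSFTPSVC, FTP, -, 0,
> 15, 0, 0, 0, [1129] PASS , harvest@, -,
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:08, MSFTPSVC, FTP, -, 0,
> 19, 0, 0, 2, [1129] sent , /README, -,
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:08, MSFTPSVC, FTP, -, 0,
> 18, 0, 0, 0, [1129] QUIT , -, -,
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:12, MSFTPSVC, FTP, -, 10,
> 15, 0, 0, 0, [1130] PASS , harvest@, -,
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 109, 0, 0, 2, [1130] sent , /internal-gopher-binary, -,
> xxx.xxx.xxx.xxx, harvest@, 12/25/96, 20:16:13, MSFTPSVC, FTP, -, 0,
> 34, 0, 0, 0, [1130] QUIT , -, -,
"""
FIELDS = 15                               # fields per record, counted from the sample
OP_RE = re.compile(r"\[(\d+)\]\s*(\S+)")  # "[1130] sent" -> session id, operation

def parse_records(text):
    """Re-join wrapped, quoted lines and yield one dict per log record."""
    flat = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    tokens = [t.strip() for t in flat.split(",")]
    for i in range(0, len(tokens) - FIELDS + 1, FIELDS):
        rec = tokens[i:i + FIELDS]
        m = OP_RE.fullmatch(rec[12])
        if m is None:                     # field count drifted (e.g. comma in a name)
            raise ValueError(f"unexpected operation field: {rec[12]!r}")
        yield {"client": rec[0], "session": int(m.group(1)), "op": m.group(2), "target": rec[13]}

def summarize(text):
    """Group records by the bracketed session id, since sessions interleave."""
    sessions = defaultdict(lambda: {"client": None, "password": None, "fetched": []})
    for r in parse_records(text):
        s = sessions[r["session"]]
        s["client"] = r["client"]
        if r["op"] == "PASS":             # anonymous FTP: the target is the password sent
            s["password"] = r["target"]
        elif r["op"] == "sent":
            s["fetched"].append(r["target"])
    return dict(sessions)

def gopher_icon_sessions(text, prefix="/internal-gopher-"):
    """Return only the sessions that requested a path under `prefix`."""
    return {sid: s for sid, s in summarize(text).items()
            if any(p.startswith(prefix) for p in s["fetched"])}
```

Calling `gopher_icon_sessions` on the full log separates the sessions that fetched real files (`/`, `/README`) from those that only asked for `/internal-gopher-*` names.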