[12886] in bugtraq
Re: FTP denial of service attack
daemon@ATHENA.MIT.EDU (Renaud Deraison)
Wed Dec 8 22:12:14 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.9912071840380.3431-100000@prof.fr.nessus.org>
Date: Tue, 7 Dec 1999 18:46:05 +0100
Reply-To: Renaud Deraison <deraison@CVS.NESSUS.ORG>
From: Renaud Deraison <deraison@CVS.NESSUS.ORG>
X-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199912071229.XAA13996@cairo.anu.edu.au>
On Tue, 7 Dec 1999, Darren Reed wrote:
> Who has more free file descriptors & network ports, you or the ftp server ?
The attack you are describing is not new - this is just a PASV attack,
which has been around for years.
Hopefully, this problem is now solved.
Most modern FTP servers will :
- either issue an error when they are issued a second
PASV command
- either accept the new PASV command, but they will close
the previously open socket, so the FTP server has only
two fd's open at a time.
If your FTP server server do not do this, use a real one.
-- Renaud
--
Renaud Deraison
The Nessus Project - http://www.nessus.org
