[12897] in bugtraq
FTP DoS - PORT and PASV effected.
daemon@ATHENA.MIT.EDU (Darren Reed)
Thu Dec 9 00:33:44 1999
Message-Id: <199912072119.IAA13755@cairo.anu.edu.au>
Date: Wed, 8 Dec 1999 08:19:41 +1100
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To: Renaud Deraison <deraison@cvs.nessus.org>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.9912071840380.3431-100000@prof.fr.nessus.org> from
"Renaud Deraison" at Dec 07, 1999 06:46:05 PM
In some mail from Renaud Deraison, sie said:
>
> On Tue, 7 Dec 1999, Darren Reed wrote:
>
> > Who has more free file descriptors & network ports, you or the ftp server ?
>
>
> The attack you are describing is not new - this is just a PASV attack,
> which has been around for years.
>
> Hopefully, this problem is now solved.
[...]
btw, a similar sort of attack can be mounted using the PORT command.
You just need to set up a local listener, etc, or get the ftp server
to try to connect to lots of network 10 sites in < 75 seconds before
TCP connects start timing out. I'll leave that as an exercise for
the reader - a correct fix for the PASV problem should fix this one
as well (and the exploit is almost the same too).
Darren
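
The following is an added example, not part of the original message and not code from any particular ftpd. It sketches one server-side design in which a single fix covers both PASV and PORT: each control session owns at most one pending data endpoint, and PORT only records a target that must match the control peer. The class name `DataChannelSlot`, its methods and the sample addresses are assumptions made for illustration.

```python
import socket


class DataChannelSlot:
    """At most one pending data endpoint per FTP control session (hypothetical design)."""

    def __init__(self, client_ip):
        self.client_ip = client_ip   # peer address of the control connection
        self.sock = None             # passive listener, if PASV was the last request
        self.active_target = None    # (ip, port) from PORT; no connect() happens yet

    def _release(self):
        # Drop whatever the previous PASV/PORT left behind before accepting a new one.
        if self.sock is not None:
            self.sock.close()
            self.sock = None
        self.active_target = None

    def on_pasv(self):
        # A new PASV replaces the old listener, so repeated PASV commands
        # cannot accumulate descriptors or listening ports.
        self._release()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))     # loopback only, so the example runs offline
        s.listen(1)
        self.sock = s
        return s.getsockname()[1]

    def on_port(self, ip, port):
        # Refuse third-party targets and privileged ports; state is left untouched.
        if ip != self.client_ip or not (1024 <= port <= 65535):
            return False
        # Record the target only. The outbound connect is deferred until a
        # transfer command, so PORT alone never leaves a connect in progress.
        self._release()
        self.active_target = (ip, port)
        return True

    def open_fds(self):
        return 0 if self.sock is None else 1

    def close(self):
        self._release()


if __name__ == "__main__":
    slot = DataChannelSlot("192.0.2.10")   # constructed sample client address
    for _ in range(1000):
        slot.on_pasv()
    print("descriptors held after 1000 PASV:", slot.open_fds())
    print("PORT to 10.1.2.3 accepted:", slot.on_port("10.1.2.3", 2000))
    slot.close()
```
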