[12926] in bugtraq


Re: FTP denial of service attack

daemon@ATHENA.MIT.EDU (Paulo Licio de Geus)
Fri Dec 10 14:34:19 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <14415.65366.289448.166098@tigre.dcc.unicamp.br>
Date:         Thu, 9 Dec 1999 17:13:26 -0200
Reply-To: Paulo Licio de Geus <paulo@DCC.UNICAMP.BR>
From: Paulo Licio de Geus <paulo@DCC.UNICAMP.BR>
X-To:         Dustin Miller <dmiller@WFDEVELOPMENT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <GGEOLAAIGLMGDDIAGPIGAEOECAAA.dmiller@wfdevelopment.com>

On Tuesday, 7 December 1999, Dustin Miller wrote:
 > FTP Voyager, for Win32, commonly uses one "login" session and then spawns
 > "download" sessions for each download you begin with a particular site.

I recently tried FTP Explorer (Windows), and in the past I used Fetch
on MacOS, doing simultaneous transfers in both cases. On closer look it
seems those applications use the first ftp control connection for the
main window, and upon a file transfer request issue another ftp
control connection to handle that file transfer, including the ftp
data stuff.  I just transferred two large files at the same time under
FTP Explorer and observed 3 control connections and two data
connections (PASV mode).

--
Paulo Licio de Geus		    Internet: paulo@dcc.unicamp.br
Instituto de Computacao	- UNICAMP   voice: +55 19 788-5865
Av. Albert Einstein, 1251	    mobile (cel): +55 19 9117-6351
caixa postal: 6176		    fax: +55 19 788-5847
13083-970  Campinas SP Brazil       http://www.dcc.unicamp.br/~paulo
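
The connection pattern reported in the message above, as it would look from the server side. This is an added example, not part of the original post: the netstat lines are constructed, the addresses come from documentation ranges, and the passive port range is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: server-side `netstat -an` lines (not captured data).
SAMPLE_NETSTAT = """\
tcp  0  0      192.0.2.10:21     198.51.100.7:1045  ESTABLISHED
tcp  0  0      192.0.2.10:21     198.51.100.7:1046  ESTABLISHED
tcp  0  0      192.0.2.10:21     198.51.100.7:1048  ESTABLISHED
tcp  0  8192   192.0.2.10:49152  198.51.100.7:1047  ESTABLISHED
tcp  0  8192   192.0.2.10:49153  198.51.100.7:1049  ESTABLISHED
tcp  0  0      192.0.2.10:21     203.0.113.5:2001   ESTABLISHED
tcp  0  0      192.0.2.10:21     203.0.113.9:3300   TIME_WAIT
tcp  0  0      0.0.0.0:21        0.0.0.0:*          LISTEN
"""

FTP_CONTROL_PORT = 21
# Assumption: the server hands out PASV data ports from this range.
PASV_PORTS = range(49152, 49200)

LINE_RE = re.compile(
    r"^tcp\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\S+)\s*$"
)

def tally_ftp_connections(netstat_text):
    """Count established FTP control and PASV data connections per client IP."""
    counts = defaultdict(lambda: {"control": 0, "data": 0})
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Skip listeners and sockets that are no longer live sessions.
        if not m or m.group(5) != "ESTABLISHED":
            continue
        local_port, client = int(m.group(2)), m.group(3)
        if local_port == FTP_CONTROL_PORT:
            counts[client]["control"] += 1
        elif local_port in PASV_PORTS:
            counts[client]["data"] += 1
    return dict(counts)

if __name__ == "__main__":
    for client, c in sorted(tally_ftp_connections(SAMPLE_NETSTAT).items()):
        print(f"{client}: {c['control']} control, {c['data']} data")
```

A client transferring two files this way shows up as one source address holding three control sessions and two data sessions, so per-address session counts on the server do not map one-to-one to users.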
