[3290] in bugtraq
ftpbounce-0.1.tar.gz
daemon@ATHENA.MIT.EDU (Rune Braathen)
Tue Aug 27 12:00:38 1996
Date: Tue, 27 Aug 1996 13:24:51 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Rune Braathen <runeb@td.org.uit.no>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
I have written a couple of java-programs to demonstrate the various
problems of the ftp bounce-attack. The sources can be downloaded from URL
http://www.td.org.uit.no/~runeb/services/ftpbounce-0.1.tar.gz
Abstract:
Due to a feature in the File Transfer Protocol (rfc959), ftp-servers can
be manipulated to send data to arbitrary hosts. The connections appear to
originate from the ftp-server, and can therefore be used to send data to
hosts that are guarded by packet-filtering mechanisms or blocked by
tcp-wrappers.
--
__________________________________________________________________
runeb / cF - runeb@td.org.uit.no - http://www.td.org.uit.no/~runeb
a new life awaits you, in the off-world colonies.
