[5780] in bugtraq


Re: CERT Advisory CA-97.27 - FTP_bounce

daemon@ATHENA.MIT.EDU (Barry Irwin)
Fri Dec 12 12:53:15 1997

Date: 	Fri, 12 Dec 1997 11:00:25 +0200
Reply-To: BBFH <bvi@rucus.ru.ac.za>
From: Barry Irwin <balin@RUCUS.RU.AC.ZA>
X-To:         aleph1@DFW.NET
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.SUN.3.94.971211162632.9087B-100000@dfw.dfw.net> from Aleph
              One at "Dec 11, 97 04:31:19 pm"

Aleph One
>   Note that this has been discussed a long time ago. I approved it because
> it is still an issue. For a nice recount of both active and passive attack
> read Secure Networks paper "Some problems with the File Transfer Protocol,
> a failure of common implementations, and suggestions for repair" at
> http://www.secnet.com/papers/ftp-paper.html

For those of you wanting to test this problem, have a look at
http://www.rootshell.com/hacking/ftpBounceAttack

Barry


--

"Ground Control to Major Tom; your circuits dead, there is something wrong.."
------------------------------------------------------------------------------
Barry Irwin  aka Big Bastard From Hell
bvi@rucus.ru.ac.za                       http://rucus.ru.ac.za/~bvi
bbfh@coredump.bofh.org.za                http://coredump.bofh.org.za
-------------------------------------------------------------------------------
