[5781] in bugtraq

Re: CERT Advisory CA-97.27 - FTP_bounce

daemon@ATHENA.MIT.EDU (Alfred Huger)
Fri Dec 12 15:26:01 1997

Date: 	Fri, 12 Dec 1997 12:10:03 -0700
Reply-To: Alfred Huger <ahuger@SECURENETWORKS.COM>
From: Alfred Huger <ahuger@SECURENETWORKS.COM>
X-To:         Barry Irwin <balin@rucus.ru.ac.za>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19971212090025.4272.qmail@rucus.ru.ac.za>

> For those of you wanting to test this problem have a look at
> http://www.rootshell.com/hacking/ftpBounceAttack
>

The FTP bounce attack, as some people here have already noted, is quite
old.

A paper which has not been mentioned is one written by Hobbit which is
available at ftp://ftp.avian.org/random/ftp-attack . Hobbit documented
and wrote fixes for this problem quite some time ago. In fact, I believe
this was the first paper really describing the problem and Hobbit may very
well have been the one to discover it, although of this I am not sure.

In any event, the paper is very succinct and goes a long way towards
explaining the problem at length as well as showing how intruders etc. may
use it.

/****************************************************************************
Alfred Huger                                    http://www.secnet.com/ballista
Project Director                                ahuger@secnet.com
Secure Networks Inc. (SNI)
*****************************************************************************/
