Bugtraq mailing list archives
Re: CERT Advisory CA-97.27 - FTP_bounce
From: klmitch () MIT EDU (Kev)
Date: Thu, 11 Dec 1997 15:34:08 EST
The problem is that this is all after authenticating the user, so anyone could have anyone's data, even if it needs one time passwords, and so on. The only hope to avoid this is just hoping that's a too small chance to get to the server before the attacker, since there is a time window, and the port number is also a secret. (Un)fortunately, there are only 65536 ports, and many servers schedule port numbers sequentially. Now, one only needs to be so lucky to race someone with a passive connection.
There's another way, set forth in RFC-2228. Versions of the client and server for UNIX exist and are shipped with the Kerberos source tree. Additionally, I am working on putting the appropriate support (for GSSAPI) into wu-ftpd. Using these extensions, the data can be transferred encrypted; the attack is then reduced to a denial of service attack, as the receiver can't do anything with the data he obtained.

--
Kevin L. Mitchell klmitch () mit edu
------------------------- -. .---- --.. ..- -..- -------------------------
MIT Kerberos Development Team Work: (617) 253-9483
http://web.mit.edu/klmitch/www/ PGP keys available upon request