Bugtraq mailing list archives

Re: FTP denial of service attack

From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Tue, 7 Dec 1999 22:41:45 -0700

I don't know of any ftp clients which make use of this feature (multiple
data channels supported concurrently) as the original ftp clients were all
line-based and only suported one transfer at a time.  Maybe this is
reasonable, but it would be a shame for the default defense to this attack
to mean you can't use FTP to it's full potential (i.e. start a transfer
from the current session but keep using the current `login' session, maybe
to start other transfers, as requried).  Triming the number of concurrent
data sessions to a maximum of 1-5 (by default) would probably be enough,
with the capability to set this higher/lower as required.


The OpenBSD ftpd has never permitted more than 1 connection at a time
in PASV mode, thus this particular denial of service attack does not
work.

I caused myself some difficulties by accidentally starting up 400 perl
instances, though..

One of the Linux's out there also ships with our ftpd, so they will
not have a problem with this either.  It's either Debian or Suse...

Current thread:

Re: FTP denial of service attack, (continued)
- - - Re: FTP denial of service attack Paulo Licio de Geus (Dec 09)
    - [Debian] New version of htdig released Aleph One (Dec 10)
    - Fundamental flaw in UnixWare 7 security Brock Tellier (Dec 10)
    - Solaris sadmind Buffer Overflow Vulnerability Alfred Huger (Dec 10)
  - Re: FTP denial of service attack bert hubert (Dec 07)
    - Re: FTP denial of service attack antirez () INVECE ORG (Dec 09)
  - Re: FTP denial of service attack Henrik Nordstrom (Dec 07)
    - Re: FTP denial of service attack Darren Reed (Dec 07)
    - Re: FTP denial of service attack Henrik Nordstrom (Dec 07)
    - Re: FTP denial of service attack Darren Reed (Dec 07)
  - Re: FTP denial of service attack Theo de Raadt (Dec 07)
    - Re: FTP denial of service attack Darren Reed (Dec 07)
  - Re: FTP denial of service attack Gregory A Lundberg (Dec 10)
  - RSAREF2 buffer overflow patch Gerardo Richarte (Dec 10)
- Re: new IE5 remote exploit Shane Hird (Dec 07)
- NT WinLogon VM contains plaintext password visible in admin mode Robert Horvick (Dec 07)
  - Re: NT WinLogon VM contains plaintext password visible in admin mode Chris Paget (Dec 08)
- [Debian] New version of sendmail released Aleph One (Dec 07)
- The money: protocol in Internet Explorer Richard M. Smith (Dec 20)
  - Re: The money: protocol in Internet Explorer David Litchfield (Dec 21)
- Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability Ussr Labs (Dec 20)