Bugtraq mailing list archives
Re: FTP denial of service attack
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Thu, 9 Dec 1999 15:35:59 +1100
In some mail from der Mouse, sie said: [...]
> As far as I can tell the ftp protocol has no way to name data channels, so there's no way for *any* ftp client to use multiple concurrent data channels without opening a separate control connection for each one, and that this is therefore a simple bug in servers that accept multiple PASV commands and maintain multiple concurrent data connections for a single control connection. Am I missing something?
Just the obvious from an implementation point of view ;) It makes sense that (if the ftp server supports it) for a second file, for which I've made a second connection, to come down that stream, etc. The connections aren't named directly because there is no need to. The single order of operations within the FTP protocol provides some assurance that file request A goes with connection a, etc.

Darren
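The two server behaviours discussed in this message, as an added example that is not part of either poster's text or of any FTP server's code: a model of per-control-connection PASV state that either keeps every listener it opens or lets a new PASV replace the previous one. The class, function and parameter names are hypothetical, and the listeners bind to loopback only.

```python
import socket


class ControlSession:
    """State for one FTP control connection (constructed model, not a full server)."""

    def __init__(self, bind_addr="127.0.0.1", single_channel=True):
        self.bind_addr = bind_addr
        self.single_channel = single_channel
        self.listeners = []  # passive-mode listening sockets opened so far

    def pasv(self):
        """Handle PASV: open a listener and return the 227 reply line."""
        if self.single_channel:
            # A new PASV supersedes the previous one, so release it first.
            self.close_data_channels()
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.bind((self.bind_addr, 0))  # port 0: the kernel picks a free port
        sock.listen(1)
        self.listeners.append(sock)
        host, port = sock.getsockname()
        h = host.replace(".", ",")
        return f"227 Entering Passive Mode ({h},{port >> 8},{port & 0xFF})"

    def open_listener_count(self):
        # A closed socket reports fileno() == -1.
        return sum(1 for s in self.listeners if s.fileno() != -1)

    def close_data_channels(self):
        for s in self.listeners:
            s.close()
        self.listeners.clear()


def listeners_after(n_pasv, single_channel):
    """Issue n_pasv PASV commands on one session; return listeners left open."""
    session = ControlSession(single_channel=single_channel)
    try:
        for _ in range(n_pasv):
            session.pasv()
        return session.open_listener_count()
    finally:
        session.close_data_channels()


if __name__ == "__main__":
    print("accumulating:", listeners_after(20, single_channel=False))
    print("single channel:", listeners_after(20, single_channel=True))
```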