Re: FireWall-1 FTP Server Vulnerability

[core.lists.bugtraq () CORE-SDI COM (Emiliano Kargieman)]

Mikael Olsson wrote:

> The only solution that even begins to look "good" is to
> completely reassemble the TCP stream and not make "educated"
> guesses about what packet data belongs on what line and in
> which order and state of the FTP protocol.
>
> It doesn't have to be a "proxy" in order to do this, I think.
> You DO need to reassemble the stream completely though.

Of course, reassembling the TCP stream without proxing is bound to give you
some headaches too, remember "Insertion, Evasion and D.O.S"?

EK.

--
Emiliano Kargieman <ek () core-sdi com>
Director de Investigacion - CoreLabs - Core-SDI S.A.
http://www.core-sdi.com

"At any rate, let us not loiter in the arena of hot events."
                                            Tom Robbins, ARA.

--- For a personal reply use emiliano_kargieman () core-sdi com