Firewall Wizards mailing list archives

Re: Active to Passive FTP translator?


From: Mikael Olsson <mikael.olsson () clavister com>
Date: Wed, 27 Nov 2002 10:17:16 +0100


Whoops. Tobias Reckhard caught a slip-up here:

Mikael Olsson wrote:
> - The Java applet connects out through the firewall, to a fake FTP
>   server under the attacker's control, and sends
>   "PASV 192,168,0,1,5,153" (connect to me on port 1433)
>   and then
>   "RETR whatever.bin" (I want to receive data)


This should be "PORT 192,168,0,1,5,153", not "PASV".

"PASV" is, of course, used in passive mode, like this:

Client: "PASV"
Server: "227 Entering Passive Mode (1,2,3,4,5,6)"

... which is safe for the client, but not for the server.

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
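
Added example, not part of the original post: Python code that decodes the host-port argument discussed above (the `PORT 192,168,0,1,5,153` command and the `227 ... (1,2,3,4,5,6)` reply) and reviews it the way a stateful filter could before opening a data-channel pinhole. The function names, the `protected_ports` policy and the three checks are assumptions made for this illustration.

```python
import ipaddress
import re

# RFC 959 host-port form h1,h2,h3,h4,p1,p2 used by PORT and by 227 replies.
_HOSTPORT = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def decode_hostport(line):
    """Return (IPv4Address, port) for a PORT command or 227 reply, else None."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None  # e.g. a bare "PASV" request carries no address
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2

def review(line, sender_ip, protected_ports=frozenset({1433})):
    """List reasons not to open a pinhole for this control-channel line.

    sender_ip: the peer that sent the line (client for PORT, server for 227).
    protected_ports: assumed local policy, constructed for this example.
    """
    decoded = decode_hostport(line)
    if decoded is None:
        return ["no host-port argument"]
    ip, port = decoded
    findings = []
    if ip != ipaddress.IPv4Address(sender_ip):
        findings.append("address differs from control-channel peer")
    if port < 1024:
        findings.append("privileged port")
    if port in protected_ports:
        findings.append("port is a protected service")
    return findings

if __name__ == "__main__":
    # Constructed sample lines; the first two come from the message above.
    samples = [("PORT 192,168,0,1,5,153", "192.168.0.1"),
               ("227 Entering Passive Mode (1,2,3,4,5,6)", "1.2.3.4"),
               ("PORT 10,0,0,5,0,22", "192.168.0.1")]
    for line, peer in samples:
        print(line, "->", decode_hostport(line), review(line, peer))
```

The `PORT` line from the message passes both the peer-address check and the privileged-port check, so only the port policy flags it.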

