Re: [fw-wiz] OBSD reaction to CERT advisory
From: Darren Reed (darrenr@reed.wattle.id.au)
Date: 10/09/02
- Next message: Harald Koch: "[fw-wiz] Re: Tunnel intruder"
- Previous message: Irwin Lazar: "RE: [fw-wiz] Tunnel intruder"
- In reply to: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Next in thread: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Reply: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Darren Reed <darrenr@reed.wattle.id.au> To: Daniel Hartmeier <daniel@benzedrine.cx> Date: Wed Oct 9 20:37:17 2002
In some email I received from Daniel Hartmeier, sie wrote:
[...]
> And, yes, based solely on code inspection, I'm very confident that
> IPFilter is vulnerable to this attack.
Note, this statement: "code inspection". Not a code walk through or
even an actual test.
> If anyone fancies a little
> competition, set up an ftp server behind an IPFilter firewall. Allow me
> to connect to the ftp server (using passive mode, so the in-kernel ftp
> proxy allows incoming ftp data connections). Setup a fake target, like
> an echo "secret" inetd.conf entry, and absolutely filter any access to
> that port on the firewall. If I can connect to that port and get the
> secret, I win. How much are you betting?
How much are you prepared to lose ?
Darren
- Next message: Harald Koch: "[fw-wiz] Re: Tunnel intruder"
- Previous message: Irwin Lazar: "RE: [fw-wiz] Tunnel intruder"
- In reply to: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Next in thread: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Reply: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
