Re: [fw-wiz] Variations of firewall ruleset bypass via FTP
From: Carson Gaspar (carson@taltos.org)
Date: 10/11/02
- Next message: Mikael Olsson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
- Previous message: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
- In reply to: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
- Next in thread: Mikael Olsson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Carson Gaspar <carson@taltos.org> To: Firewall Wizards <firewall-wizards@honor.icsalabs.com> Date: Fri Oct 11 07:55:03 2002
--On Thursday, October 10, 2002 10:40 PM -0400 "Paul D. Robertson"
<proberts@patriot.net> wrote:
> One of the things that makes FTP such a bad case is that protecting the
> server means going to active FTP and protecting the clients means going
> to PASV mode. So there's not a natural protection point that allows
> both to be satisfied.
An application proxy that does PASV->PORT translation achieves exactly
this. Trivial to do (and was done in FWTK ftp-gw years ago).
-- Carson
- Next message: Mikael Olsson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
- Previous message: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
- In reply to: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
- Next in thread: Mikael Olsson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
