Re: [fw-wiz] Variations of firewall ruleset bypass via FTP

From: Carson Gaspar (carson@taltos.org)
Date: 10/11/02


From: Carson Gaspar <carson@taltos.org>
To: Firewall Wizards <firewall-wizards@honor.icsalabs.com>
Date: Fri Oct 11 07:55:03 2002


--On Thursday, October 10, 2002 10:40 PM -0400 "Paul D. Robertson"
<proberts@patriot.net> wrote:

> One of the things that makes FTP such a bad case is that protecting the
> server means going to active FTP and protecting the clients means going
> to PASV mode. So there's not a natural protection point that allows
> both to be satisfied.

An application proxy that does PASV->PORT translation achieves exactly
this. Trivial to do (and was done in FWTK ftp-gw years ago).

-- 
Carson


Relevant Pages

  • Re: Encrypted traffic
    ... In the Usenet newsgroup comp.security.misc, ... >routes it until it reaches the company's gateway and the server. ... or fiber (packets harder to sniff). ... If someone isn't protecting your information that you consider sensitive, ...
    (comp.security.misc)
  • Re: OWA resolution issues on the WAN
    ... MVP - Exchange ... "Protecting the world from PSTs and brick backups!" ... I am successfully able to ping the server so any other ...
    (microsoft.public.exchange.admin)
  • RE: Password Protecting A Subweb
    ... http://www.masterpiecegroup.com/MP-Rep%20Web/_derived folder. ... | Subject: Password Protecting A Subweb ... | the "server" menu choice is grayed-out on my PC. ...
    (microsoft.public.frontpage.extensions.windowsnt)
  • Re: [9fans] a few Qs regarding cpu/auth server
    ... if we're just protecting against people wandering by who are ... The whole friggin' point of a colo is that you trust the people ... server, if you're going to be dumb enough to leave the head attached). ... users has been that I keep the monitor off, and in those 2 years I ...
    (comp.os.plan9)
  • Re: Document containing many ActiveX controls prints out blank
    ... Are you protecting with the correct Type and NoReset values? ... I have a 9 page Word document that contains a large number of ActiveX ... PS Getting the clients to use Infopath for data input is a non-starter. ...
    (microsoft.public.word.vba.general)