Re: [fw-wiz] Active to Passive FTP translator?
From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 11/27/02
From: Mikael Olsson <mikael.olsson@clavister.com>
To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
Date: Wed Nov 27 08:08:19 2002
Whoops. Tobias Reckhard caught a slip-up here:
Mikael Olsson wrote:
> - The java applet connects out through the firewall, to a fake FTP
> server under the attacker's control, and sends
> "PASV 192,168,0,1,5,153" (connect to me on port 1433)
> and then
> "RETR whatever.bin" (I want to receive data)
This should be "PORT 192,168,0,1,5,153", not "PASV".
"PASV" is, of course, used in passive mode, like this:
Client: "PASV"
Server: "227 Entering Passive Mode (1,2,3,4,5,6)"
... which is safe for the client, but not for the server.
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00
Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50
WWW: http://www.clavister.com
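An added example, not part of the original message: the check an FTP-aware firewall helper can apply before opening a data-channel pinhole for the PORT argument or 227 reply shown above. The function names, the `min_port` default and the `blocked_ports` parameter are assumptions made for this sketch, not any product's behaviour.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by a PORT argument or a 227 reply
_HOSTPORT = re.compile(r"(?<![\d,])" + r",".join([r"(\d{1,3})"] * 6) + r"(?![\d,])")

def parse_hostport(text):
    """Return (IPv4Address, port) decoded from h1,h2,h3,h4,p1,p2, or None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def check_data_endpoint(line, sender_ip, min_port=1024, blocked_ports=()):
    """Decide whether a pinhole may be opened for this control-channel line.

    sender_ip is the control-connection address of whoever sent the line:
    the client for PORT, the server for a 227 reply. blocked_ports is a
    site policy list (hypothetical parameter) of service ports that must
    never be used as a data endpoint.
    """
    line = line.strip()
    verb = line.split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return ("ignore", "not a data-endpoint announcement")
    parsed = parse_hostport(line[len(verb):])
    if parsed is None:
        return ("deny", "malformed host-port")
    ip, port = parsed
    if ip != ipaddress.IPv4Address(sender_ip):
        return ("deny", f"{ip} is not the sender {sender_ip}")
    if port < min_port or port in blocked_ports:
        return ("deny", f"port {port} is not allowed as a data endpoint")
    return ("allow", f"{ip}:{port}")
```

A PORT line that names the sender's own address passes the address comparison, so for the 1433 case in the quoted text it is the port policy that has to refuse it.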