Checkpoint FW-1 and "ftp missing newline char" attack
From: Liam Dolan (lgdolan_at_gmail.com)
Date: 09/29/04
Date: 29 Sep 2004 10:06:59 -0700
Howdy.
I'm trying to log in to a customer's ftp server from an AIX 5.3 box
behind FW-1. This is eventually going to be a cron job, but right now
I'm trying it manually for testing purposes.
I *have* to use passive mode.
Logging in defaults to active. No problem cding, lsing, getting, etc.
Then I issue the passive command, after which any attempt to use the
data port completely hangs the session.
Checking SmartView Tracker says that the firewall rejected the data
request due to an 'ftp missing newline char' attack, and subsequent
packets get dropped because they're out of state.
The admin at the customer site swears up and down that he's got
passive mode enabled and the high ports open to me on his end. I've
tried logging in to both his AS/400 and his MS box with the same
results.
Anybody have any ideas?
Thanks.
I should probably add that ncftp, which apparently defaults to passive
mode for data transfer, hangs in the same way as the normal client.