On Fri, 18 Feb 2000, Mikael Olsson wrote:
> The only solution that even begins to look "good" is to completely
> reassemble the TCP stream and not make "educated" guesses about what
> packet data belongs on what line and in which order and state of the
> FTP protocol.

inspecting TCP application data within individual IP packets is a basic
layer violation. network IDSs also suffer from this problem, only worse.
fragrouter demonstrates this nicely.

reassembling the TCP stream will only get you so far - your proxy still
needs to actually implement the application protocol correctly. i'm
releasing a 'fragproxy' tool soon to demonstrate this.

but for now, an ObLameExploit:

http://www.monkey.org/~dugsong/ftp-ozone.c.txt

-d.
---
http://www.monkey.org/~dugsong/
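
Added example, not part of the original message and not code from fragrouter, fragproxy or ftp-ozone: a per-packet check for FTP "227" replies next to a line-aware parser over the reassembled server-to-client control stream, run on constructed segments. All function names and sample data are hypothetical; segments are assumed to arrive in order, so sequence-number tracking, overlaps and retransmissions are out of scope.

```python
import re

# Single-line 227 reply; captures h1,h2,h3,h4,p1,p2.
PASV_RE = re.compile(rb"227 [^\r\n]*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_227(data):
    """Return (ip, port) if data starts with a well-formed 227 reply, else None."""
    m = PASV_RE.match(data)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def per_packet(segments):
    """Layer-violating check: treat every segment payload as a reply line."""
    return [r for r in map(parse_227, segments) if r]

class ControlStream:
    """Reassembled server->client bytes, split on CRLF into reply lines."""
    def __init__(self):
        self.buf, self.multi = b"", None
    def feed(self, payload):
        self.buf += payload
        *lines, self.buf = self.buf.split(b"\r\n")  # keep the partial tail
        found = []
        for line in lines:
            if self.multi:                          # inside a multi-line reply
                if line.startswith(self.multi + b" "):
                    self.multi = None               # "NNN " closes it
            elif re.match(rb"\d{3}-", line):
                self.multi = line[:3]               # "NNN-" opens one
            elif (r := parse_227(line)):
                found.append(r)
        return found

def per_stream(segments):
    cs = ControlStream()
    return [r for s in segments for r in cs.feed(s)]

# Constructed samples (RFC 5737 documentation address), server -> client.
MIDLINE = [b"550 reply text that continues ", b"227 Entering Passive Mode (192,0,2,10,4,1)\r\n"]
SPLIT_227 = [b"227 Entering Passive Mode (192,0,", b"2,10,4,1)\r\n"]
MULTILINE = [b"230-Welcome\r\n227 Entering Passive Mode (192,0,2,10,4,1)\r\n230 Logged in\r\n"]

if __name__ == "__main__":
    for segs in (MIDLINE, SPLIT_227, MULTILINE):
        print(per_packet(segs), per_stream(segs))
```

The per-packet check reports a data port for MIDLINE, where no 227 reply exists, and misses the genuine reply in SPLIT_227; the stream parser gets both right, and MULTILINE shows that reassembly alone is not enough without the reply grammar.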