In some mail from Mikael Olsson, sie said:
>
> * RealAudio/Video (secondary UDP channel)
This can't be exploited in even close to the same way, if the proxy is
properly implemented. You might be able to write a java class to exploit
this from a web server which was waiting more easily than playing funny
games with URL's in HTML pages...if the web server is evil, having java
enabled is a big risk.
> Workarounds to this specific vulnerability
> --------------------------------------------
>
> * Disable active FTP. Errrr, wait. The fix for the server side
> vulnerability was to disable passive FTP. Let's rephrase that:
Which specific vulnerability was this ?
And was it a vulnerability or a DoS problem ?
oh, FWIW, some people do run ftp servers on non-port 20/21 with the
ftp-data port still one less than the real ftp port.
Darren
