I've been trying to post my complete advisory to this list several times to no avail. I'm starting to suspect a really low "max message length". Agh.

"How to open connections to any port on 'protected' hosts" :

----8<----

Extending the FTP "ALG" vulnerability to any FTP client

Author: Mikael Olsson, EnterNet Sweden <[EMAIL PROTECTED]>
Original Date: 2000-03-10
Originally posted to: Bugtraq, Vuln-dev (BID 1045)
Vendor contacted: Nope, sorry, too many.
Updated: 2000-03-14
 - Added exploit by Dug Song <[EMAIL PROTECTED]>
 - Added browser-specific info
 - Begun writing a list of firewalls expected to be vulnerable
 - Rewrote a couple of paragraphs that were causing much head scratching

Synopsis
----------

It is possible to cause many firewalls to open arbitrary ports allowing external hosts to connect to "protected" clients. In this case, it is done by fooling the protected client into sending a specially crafted FTP request through the firewall, which it misinterprets as a legitimate FTP "PORT" command.

READ THE COMPLETE ADVISORY AT:
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-03-8&[EMAIL PROTECTED]

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
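As an added illustration of the defensive side of the synopsis (not part of the original post or advisory, and not any vendor's code): a sketch of how a firewall's FTP helper can vet PORT commands on whole CRLF-terminated lines of the reassembled control stream before opening anything. The class name, the 10.0.0.5 client address and the "deny below 1024" policy are assumptions made for the example.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 as six decimal fields.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$", re.I)


class ControlChannel:
    """Tracks one client-to-server FTP control stream (hypothetical helper)."""

    def __init__(self, client_ip, min_port=1024):
        self.client_ip = client_ip   # source address of the control connection
        self.min_port = min_port     # assumed policy: never open a port below this
        self.buf = b""               # bytes of the current, still unterminated line

    def feed(self, segment):
        """Accept one TCP payload; return a verdict for every complete PORT line."""
        self.buf += segment
        verdicts = []
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            # Only a line that *begins* with PORT is a PORT command. The same
            # text inside another command's argument is just data.
            if line[:4].upper() == b"PORT":
                verdicts.append(self.check_port(line))
        return verdicts

    def check_port(self, line):
        m = PORT_RE.match(line)
        if not m:
            return ("deny", "malformed PORT")
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            return ("deny", "malformed PORT")
        ip = ".".join(str(f) for f in fields[:4])
        port = fields[4] * 256 + fields[5]
        if ip != self.client_ip:
            return ("deny", "address is not the client's")
        if port < self.min_port:
            return ("deny", "port below 1024")
        return ("allow", (ip, port))
```

The checks narrow what a PORT line can open; they do not make a PORT line sent by the genuine client trustworthy in itself.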
