Re: Multi format string bugs in IPAD x.x ftp server
Eric Fitzgerald wrote:

> If I'm reading this correctly, this appears to be format string bugs in your FTP client. Not in the server (notice the seg fault took you to your prompt)
>
> Connected to xxx.xxx.xxx.xxx.
> 220 xxx.xxx.xxx.xxx FTP server (IPAD 2.52) ready
> snip
> ftp site %s%s%s%s%s%s%s%s%s%s%s%s%s%s
> Segmentation fault
> [diab@epuj diab]$

Eric is right. I tested an IPAD 2.52 system with a Linux ftp client and saw the same results. When using the FreeBSD default ftp client I got these results:

    220 xxx.xxx.xxx.xxx FTP server (IPAD 2.52) ready at Wed Feb 21 09:18:41 2001
    Name (xxx:xxx): anonymous
    331 Anonymous logins ok. Please enter your e-mail address as password.
    Password:
    230 User anonymous logged in.
    Remote system type is MSDOS.
    ftp site %x%x%x%x%x%x%x%x%x%x%x
    500 Unknown command 'site %x%x%x%x%x%x%x%x%x%x%x'
    ftp site %s%s%s%s%s%s%s%s%s%s%s%s%s%s
    500 Unknown command 'site %s%s%s%s%s%s%s%s%s%s%s%s%s%s'
    ftp site %p%p
    500 Unknown command 'site %p%p'
    ftp site %c%c%c%c
    500 Unknown command 'site %c%c%c%c'

For those who don't know what an IPAD is, it's an all-in-one internet server made by eSoft that runs on MS-DOS. It has a badly non-compliant DNS server that can't receive replies bigger than 512 bytes, can't set the aa flag on NS records, and refuses to resolve any host with IPv6 information in its DNS reply.

John Edwards
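
An added example, not part of the original message and not taken from any FTP client's source: assuming the client crash discussed above came from passing the typed command line to a printf-family function as the format argument, the C below shows the constant-format fix and a counter for conversion specifiers in untrusted input. The names `build_command` and `count_conversions` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from any real FTP client): build the wire form
 * of a command line typed by the user.
 *
 * Vulnerable pattern, shown only as a comment:
 *     snprintf(out, outlen, typed);    // typed is used as the format
 * With typed = "site %s%s%s%s", each %s makes the formatter dereference
 * whatever sits in the next argument slot, which can crash the client.
 *
 * Hardened pattern: a constant format, the typed text passed as data.
 * Returns 0 on success, -1 if the line did not fit in the buffer. */
int build_command(char *out, size_t outlen, const char *typed)
{
    int n = snprintf(out, outlen, "%s\r\n", typed);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

/* Count printf-style conversion specifiers in untrusted text so a client
 * or a log reviewer can flag lines like the ones in this thread.
 * "%%" is a literal percent sign and is not counted. */
int count_conversions(const char *s)
{
    int count = 0;
    while (*s) {
        if (s[0] == '%') {
            if (s[1] == '%') { s += 2; continue; }
            if (s[1] != '\0') count++;
        }
        s++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample input, modelled on the session quoted above. */
    const char *typed = "site %x%x%x";
    char wire[128];

    if (build_command(wire, sizeof wire, typed) == 0)
        printf("sent: %s", wire);
    printf("conversion specifiers in input: %d\n", count_conversions(typed));
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` (GCC and Clang) reports the commented-out pattern when a non-literal string is passed as the format with no further arguments.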
Re: DDOS Attack Mitigation
Alan Brown wrote:

> On Sun, 13 Feb 2000, Darren Reed wrote:
>
> > You know if anyone was of a mind to find someone at fault over this, I'd start pointing the finger at ISPs who haven't been doing this due to "performance reasons".
>
> To be fair, if you do this on most terminal servers (eg, Cisco 5300, Max 4000), they will collapse under the load.

I maintain a number of sites running the ACC/Ericsson Tigris access servers, which have similar processing power to the 5300. These units have ingress filtering enabled on dialup ports by default, requiring a trivial amount of CPU utilization to do so. Ingress filtering is really just another routing decision, something that these kinds of boxes are made to do all day, every day.

John Edwards