Re: Question: FTP via alternate port

From: Max Ashton (maxashton@eml.cc)
Date: Fri Jan 27 2006 - 03:55:40 EST

• Next message: Jason Baeder: "Re: Question: FTP via alternate port"
• Previous message: Aaron: "Microsoft products at wholesale!"
• In reply to: Niels Taylor: "Question: FTP via alternate port"
• Next in thread: Jason Baeder: "Re: Question: FTP via alternate port"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Niels.

It's a valid concern on some firewalls.

Many firewalls don't do any application level checks, they just check the
port. If you're not using something like a Netscreen, or a Checkpoint
firewall, or another firewall that does application level filtering, your
hacker will be able to gain access through any port that is open.

I'm sure someone will be able to tell you more firewalls which can do
application level filtering, or correct me if i'm wrong.

;)

Max Ashton

On Thursday 26 January 2006 20:27, Niels Taylor wrote:
> Hello list, I hope this question is not too "newbie," and I am sure if it
> is I will find out quickly. I am interested in ways an attacker could
> circumvent outbound FTP restrictions on a FW. I have researched this a bit
> but the information I am seeing is ambiguous, so I thought I'd take it
> straight to the experts.
>
> If a remote attacker gains command line access to a server (I am concerned
> about a Microsoft 2000 SQL server specifically) that is behind a firewall,
> and outbound FTP had been disabled at the FW, could the attacker use the MS
> FTP "Open" command to specify a different, unrestricted outbound port (e.g
> 80 or 443) to transfer files, (assuming of course that his FTP server is
> configured to listen on this port). Is this a viable scenario, and if not,
> could he send files via another method? This question assumes no outbound
> application layer inspection at the FW, so that it isn't able to see FTP
> traffic on port 23, or 80, for instance.
>
> Thank you for your help.
>
> Niels Taylor
>
>
>
> ---------------------------------------------------------------------------
>--- Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are futile against web application hacking. Check your website for
> vulnerabilities to SQL injection, Cross site scripting and other web
> attacks before hackers do! Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ---------------------------------------------------------------------------
>----

• application/pgp-signature attachment: stored

• Next message: Jason Baeder: "Re: Question: FTP via alternate port"
• Previous message: Aaron: "Microsoft products at wholesale!"
• In reply to: Niels Taylor: "Question: FTP via alternate port"
• Next in thread: Jason Baeder: "Re: Question: FTP via alternate port"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:25 EDT