Security Defect on IP filter.
| Reported by: | twoseven | Owned by: | |
| Keywords: | | Cc: | twoseven, Tim Kosse |
| Component version: | | Operating system type: | |
| Operating system version: | | | |
When *.*.*.* is typed into the IP filters (any of them) to
block all IP addresses (turn the server off effectively),
the server sends a response when a connection attempt
Currently it sends the welcome message.
This allows anyone sniffing for an FTP server to confirm
there is indeed a server there. It should NOT send a
response - i.e. it should be in stealth mode.
The result is that the server may then suffer a Denial of
Service attack on that port.
This causes a secondary error in that the FTP server
tries to send the welcome message back to every
connection attempt (which should not be allowed) and
promptly kills the server.
Not only that but us poor sods who have to pay for our
data usage (or have traffic limits) then promptly get a