Re: iptables rule to block FTP-NAT-Helper-Traffic
- From: Andrew Gideon <c182driver1@xxxxxxxxxx>
- Date: Sat, 29 Nov 2008 20:24:13 +0000 (UTC)
On Wed, 26 Nov 2008 17:34:07 +0100, Pascal Hambourg wrote:
> Anyway, is this really efficient? Couldn't the hostile applet just
> connect locally to the VNC port and relay the communication with the
> hostile server?
Alternatively, why bother using FTP for this? Could the applet not open
a connection from the local machine's port P to some specified port on
the malicious remote server? That remote/malicious server could then
connect to port P on the victim machine from that specific port. This
should work for any port P greater than 1024 and for either UDP or TCP.
I can envision a way to prevent this for TCP: Add to the
ESTABLISHED,RELATED rule logic which blocks a SYN w/o the ACK. But I'm
not sure how one could prevent UDP from sliding through in this attack.
- Andrew
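The TCP check Andrew sketches above, written out as iptables rules so the ordering is visible. This is an added example, not code from the thread; the chain layout, the `IPT` variable, the log prefix and the `preview_input_rules` helper are assumptions, and the script only prints the commands unless run as root on a host with netfilter.

```shell
#!/bin/sh
# Added example (not from the original post): an INPUT chain that puts a
# "SYN without ACK" check ahead of the usual ESTABLISHED,RELATED accept.
# IPT is an assumption; set IPT="echo iptables" to preview the commands
# instead of applying them (applying needs root and a netfilter kernel).
IPT="${IPT:-iptables}"

install_input_rules() {
    # Start from a default-deny INPUT chain.
    $IPT -P INPUT DROP
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT

    # The check from the post: a TCP segment with SYN set and ACK clear is a
    # connection attempt, whatever conntrack already knows about the 5-tuple.
    # Log a rate-limited sample, then drop, BEFORE the blanket accept below
    # gets a chance to pass it.  Rule order is the whole point here.
    $IPT -A INPUT -p tcp --tcp-flags SYN,ACK SYN \
        -m conntrack --ctstate ESTABLISHED,RELATED \
        -m limit --limit 5/min -j LOG --log-prefix "syn-in-established: "
    $IPT -A INPUT -p tcp --tcp-flags SYN,ACK SYN \
        -m conntrack --ctstate ESTABLISHED,RELATED -j DROP

    # Only now accept reply traffic for conversations this host opened.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Rules for explicitly offered services would follow here.
}

# Dry-run helper (assumed name): emits the rule text that would be applied,
# one command per line, without touching the live firewall.
preview_input_rules() {
    ( IPT="echo iptables"; install_input_rules )
}
```

UDP carries no handshake flags, so nothing in this rule set speaks to the UDP case the post leaves open.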