RELATED connections and the feeling of security
blancher at cartel-securite.fr
Fri Apr 13 16:31:04 CEST 2007
On Friday 13 April 2007 at 14:57 +0200, Hugo Mildenberger wrote:
> I base this solely on my observation and did not descend into sources until
> now. But I am nearly sure that I had not tried to establish an ftp
> connection to the site named in my original post. Even if so, following
> your remarks, should the ftp-conntrack helper expose arbitrary ports on
> the originating host?
There are a few conntrack helpers around: FTP, IRC, H323, SIP, etc.
> Until today my understanding of this matter was that the difference between
> related and established states would be that within ESTABLISHED state
> ip-address and port are considered pairwise, while within RELATED state only
> ip-addresses are considered, making the described attack possible.
No, that's not.
> Perhaps we could set up a test case? My equipment here has changed, and
> for the moment I have no shell access to my DSL router at the internet front.
The very first step to me is reliably reproducing your issue.
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!