On Friday 13 April 2007 at 14:57 +0200, Hugo Mildenberger wrote:
> I base this solely on my observation and did not descend into sources until
> now. But I am nearly sure that I had not tried to establish an ftp
> connection to the site named in my original post. Even if so, following
> your remarks, should the ftp-conntrack helper expose arbitrary ports on
> the originating host?

There are a few conntrack helpers around: FTP, IRC, H323, SIP, etc.

> Until today my understanding of this matter was, that the difference between
> related and established states would be, that within ESTABLISHED state
> ip-address and port are considered pairwise, while within RELATED state only
> ip-addresses are considered, making the described attack possible.

No, that's not.

> Perhaps we could set up a test case? My equipment here has changed, and
> for the moment I have no shell access to my DSL router at the internet front.

The very first step to me is reliably reproducing your issue.

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!