Date: Fri, 08 Oct 1999 20:10:25
From: "Heinbuch, David V." <David.Heinbuch@JHUAPL.EDU>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Possible Denial of Service in Gauntlet 5.0 for NT
--------------------------------------------------------------------------------
I'm running Gauntlet 5.0 on a Windows NT server (service pack 5). It is
protecting only a small subnet and it is using NAT on the outside interface
and transparency turned on for the inside interface. The ftp proxy is
enabled for the internal policy and an external policy containing certain
external addresses. When a user ftps from an allowed outside address to the
firewall they are then able to enter their username@hostname_on_inside,
which then connects them to the internal host and asks for the password.
They are then able to enter their password and are then given the ftp
prompt. Then after entering a command like ls the connection hangs. Not too
big of a deal, maybe something with needing a passive connection. The kicker
is that the network interfaces on the firewall are both now unresponsive and
require a reboot of the firewall to begin functioning again. While the
inability to get an ftp connection might be a configuration problem, the
dead network interfaces do not seem like an acceptable state because this
could easily be used for a denial of service attack.