> I think it's the responsibility of the folks promoting a
> tool to take at least simple steps to limit its susceptibility to misuse.
Were this the attitude long held to by society, we would have never
allowed the use of round wheels, rocks, or forks.
> The problem is, this tool has made it trivial to bypass established
> packet filtering mechanisms. Even the simple step of hard-coding a
> well-known-port into the software would have improved the security.
> Sure, it's trivial to edit the source and change the port, but I think
> most crackers wouldn't even go to that much effort.
The point was to bypass a recalcitrant administrator who went
overboard, snooping at people's packets. The tool wouldn't be useful
if the normal mechanisms were allowed to function for the desired
transfers.
Eliot Lear
[lear @ sgi . com]