Cenzic 232 Patent
Paid Advertising
web application security lab

Bypassing Port Blocking Using Malicious FTP Server

Fayte sent me this Bindshell link today that discusses a way to bypass port blocking in Firefox, Opera and Konqueror. The obvious implications for this attack are to circumvent the restrictions built into Firefox in particular. This restriction makes it hard to do things like attack non HTTP ports due to a restriction build into default versions of Firefox. That really does put a crimp into port scanning, but this is a clever way to circumvent it using a malicious FTP server.

The basic concept is if you send a header like so: 227 Entering Passive Mode (192,168,0,1,84,149) your browser will be redirected if it supports the PASV command (which Firefox, Opera and Konqueror do). Very clever implementation and nice work from Mark at Bindshell!

6 Responses to “Bypassing Port Blocking Using Malicious FTP Server”

  1. Wladimir Palant Says:

    Argh, I reported this bug and it has been promptly resolved as a duplicate - this has been fixed already, need to wait for Firefox 2.0.0.3. I really shouldn’t be searching open bugs only when reporting them…

  2. Sid Says:

    Ignoring email from me are we :p
    I sent this to you on the 7th.

  3. john doe Says:

    I think you are missing the important point, Banner grabbing.

  4. RSnake Says:

    Oh crap, I see it now. I’m sorry, Sid… Yes, you definitely sent it to me first, for some reason it was marked as read, even though I didn’t read it. Stupid mail client marks things as read if I delete the message above it (usually spam).

    If I don’t respond to emails please re-send. I get literally thousands of emails a day (mostly through mailing lists, but I get at least 200-300 personal emails a day too), so sifting through them can be interesting to say the least.

  5. RSnake Says:

    @John - yup, that too, thanks for bringing it up!

  6. Sid Says:

    Heh. No harm done. To be honest I totally forgot I sent it to you until I read this.