2001309

	FTP file name overflow
advICE :Intrusions : 2001309

FAQ

Oh my gosh, I'm being HACKED!!!

How do I report the hacker to my ISP?

I'm seeing lots of attacks, is this normal?

Summary
Buffer overflow attempt.
Details
A very long user name, password, or file name often signals an intentional effort to overflow a buffer on a server. By constructing the data in a particular way, the intruder may be able to execute his own code on the attacked sy.

more information

CERT: CA-99-03-FTP-Buffer-Overflows
advICE: Buffer overflows: More about this general class of attacks, which is the root cause of many attacks on the Internet.
advICE: FTP defense: How to harden an FTP server against Internet attacks.
advICE: FTP exploits: A list of common ways that intruders break into FTP servers.

parametric information

length The length of the file name; if it is longer than a few hundred characters, then it may be a buffer overflow attempt.

filename The initial portion of the filename. In a buffer overflow attempt, the initial part of the file name is useful for determining which subsystem is being compromised.

configuration for this item

file.maxname 200 The maximum length of a file name.

 
Version appeared:

FTP file name overflow