�$B$40U8+$446A[Ey$O$$$D$G$b4?7^$7$^$9!#�(B
�$BA4BN!&0lIt$K4X$o$i$:�(B�$BL5CGJ#@=$r6X$8$^$9�(B�$B!#�(B
(�$B8=:_$N$H$3$m!"�(Bftpd ML�$B$N5-;v$O0lHL$K$O8x3+$5$l$F$$$^$;$s!#�(B
�$B0J2<$N5-;v$O$*4j$$$7$F8x3+$N5v2D$r$$$?$@$$$?$b$N$G$9!#�(B)
�$B%j%s%/$O<+M3$K$O$C$F2<$5$$!#�(B
�$B8D!9$N5-;v$N@hF,$K$b%"%s%+!<$rIU$7$F$"$j$^$9!#�(B
�$BNc$($P�(B [ftpd 664] �$B$H$$$&�(B Subject �$B$N5-;v$O!"�(B
- http://katsu.watanabe.name/doc/ftp/responses.html#ftpd-664
�$B$H$$$&7A$G;2>H$G$-$^$9!#�(B
From: WATANABE Katsuhiro <katsu@sra.co.jp>
Date: Fri, 31 Mar 2000 02:30:46 +0900
Subject: [ftpd 664] controll and data connections must be separated for 3parties.
�$B$O$8$a$^$7$F!#EOn49n9(!w#S#R#A$H?=$7$^$9!#�(B
�$BO78e$N%\%1M=KI$K%3%s%T%e!<%?%M%C%H%o!<%/$NJY6/$r;O$a$h$&$H$7$F$khttp://www.sra.co.jp/people/katsu/doc/ftp/
�$BMW;]$O!"�(B
(A) data �$B$ru67$G$O!"�(Bcontrol connection �$B$H�(B data
connection �$B$,J,$+$l$F$$$k$3$H$,K\Aw$K4X$o$k#2e$K$_$i$l$?6qBNNc$H$7$F�(B
http://galaxy.trc.rwcp.or.jp/text/cgi-bin/newsarticle?ng=fj.unix&id=<8978.910863233@rananim.ie.u-ryukyu.ac.jp>&hd=a
http://galaxy.trc.rwcp.or.jp/text/cgi-bin/newsarticle?ng=fj.unix&id=<75vats$a2r$1@horse.fsinet.or.jp>&hd=a
�$B$r5s$2$F$*$-$^$9!#$$$:$l%M%C%H%K%e!<%9$N@$3&$G5DO@$7$?$$$N$G!">e5-$N�(B
�$BH?O@$N�(B web �$B%Z!<%8$+$i$3$l$i$X$N%j%s%/$rD%$k$3$H$O$?$a$i$C$F$$$^$9$,�(B...�$B!#�(B
�$B$J$*!"$3$N�(B mailing list �$B$N�(B archive �$B$,$I$3$+$K$"$j$^$7$i$*65$(2<$5$$!#�(B
--
�$BEOn49n9(!w#S#R#A�(B
From: pyramid@tkf.att.ne.jp
Date: Fri, 31 Mar 2000 10:54:37 +0900
Subject: [ftpd 665] Re: controll and data connections must be separatedfor 3 parties.
�$B!!$O$8$a$^$7$F!#�(B
�$B!!%&%'%VGR8+$7$^$7$?!VO78e$N%\%1M=KI!W$H6D$C$F$$$k$o$j$K$OFI$_1~$($,$"$j�(B
�$B$^$7$?$h�(B:-)
�$B!!�(BFTP�$B$K4X$9$k8m2r$K$D$$$F$O6D$k$H$*$j$@$HGP!K�(B)
�$B!!$?$@!"$^$!%$%s%?!<%M%C%H$K@\B3$7$F!"$=$N>e$GAv$k�(Bprotocol�$B$rMxMQ$9$k�(B
�$B%f!<%6$,A}2C$9$k$K$D$l$F!"$4;XE&$N�(B1�$BBP�(B1�$B$G$N%U%!%$%kE>Aw$N$_$7$+%5%]!<%H�(B
�$B$5$l$F$$$J$$�(Bclient�$B$N$h$&$J!"�(Bprotocol�$B$G5,Dj$5$l$?G=NO$rA4$F%5%]!<%H�(B
�$B$7$J$$$b$N$,0lHLE*$K$J$C$F$$$/$H$$$&@/<#E*!"7P:QE*$J>u67$,2&6HE*$JMW5a$G�(BWeb�$B$KBP$9$k%5!<%S%9E}9g�(B(�$B$^$?$O�(B
�$B2?$G$b�(BWeb�$B$KJ|$j9~$`!"$H$b$$$$$^$9$,�(B:-p)�$B$,$O$2$7$/$F!"85Mh�(BNewsgroup�$B$G�(B
�$B9T$o$l$F$$$?7G<(HD$d�(BIRC�$B$J$I$G9T$o$l$F$$$k�(BChat�$B!"$5$i$K$O�(BSMTP/POP�$B$K$h$k�(B
�$BEE;R%a!<%k$^$G!"�(BWEB(HTTP)�$B>e$G5<;wE*$KMxMQ$G$-$k$h$&$J%5!<%S%9$,8=$l$F�(B
�$B$$$k8=>u$@$+$i$3$=!"$4;XE&$N$h$&$J�(Bprotocol�$B$^$G7!$j2<$2$?5DO@$OI,MW$J$N�(B
�$B$G$O$J$$$+$H46A[$r$b$A$^$7$?!#�(B
�$B!!$=$l$G$O!#�(B
Exitus patet-------------------------------------+---------------------
pyramid@tkf.att.ne.jp
A6 1D 87 D0 0D 96 BC FE 4D 6A
76 1A 81 28 8D 39 21 04 DC 73
FTP server�$B$+$iG'>Z$J$7$K�(B3rd party�$B$XD>@\%U%!%$%k$rE>Aw$7$h$&$H$$$&;n$_$O!"�(B
FTP bounce attack
�$B$H8F$P$l$F$$$k!#�(B
�$B$D$^$j!":#F|$G$O$3$l$O$b$O$d�(Battack�$B$H$H$i$($i$l$F$*$j!"0lHL$K$O5!G=$H$$$&M}2r$N$5$l$+$?$G$O$J$$!#�(B
From: kjm@rins.ryukoku.ac.jp (KOJIMA Hajime /�$B>.EgH%�(B)
Date: Fri, 31 Mar 2000 11:08:35 +0900
Subject: [ftpd 666] Re: controll and data connections must be separatedfor 3 parties.
<20000331023046V.katsu@sra.co.jp>�$B$K$*$$$F�(B
WATANABE Katsuhiro �$B$5$s$,$*$C$7$c$k$K$O�(B:
| �$B$5$F!"�(BFile Transfer Protocol �$B$K$D$$$F!"0J2<$N$h$&$Jhttp://www.sra.co.jp/people/katsu/doc/ftp/
| �$BMW;]$O!"�(B
| (A) data �$B$ru67$G$O!"�(Bcontrol connection �$B$H�(B data
| connection �$B$,J,$+$l$F$$$k$3$H$,K\http://www.sra.co.jp/people/katsu/doc/ftp/ �$B$K$"$k?^$r;2>H$7$J$,�(B
; �$B$i$N0U8+�(B
�$B8D?ME*$K$O!"G'>Z$J$7$K�(B A-B �$B4V$G$ND>@\%U%!%$%kE>Aw$r5v2D$9$k!V5!G=!W�(B
�$B$,I,MW$@$H$O;W$$$^$;$s�(B (�$BITMW$@$H;W$$$^$9�(B) �$B$+$i!"�(Bcontrol connection
�$B$H�(B data connection �$B$rJ,$1$kI,MW@-$bG'<1$G$-$^$;$s!#�(Bwu-ftpd �$B$N�(B
>Changes in 2.4.2-BETA-18-VR14: Released 15 February, 1999
�$B!D!D�(B
> o Disallow PASV connections from IP addresses different than the control
> connection. This is not a complete fix, but it will stop connection
> theft where the attacker is on a different machine than the victim-
> client.
�$B$b$=$&$$$&$3$H$@$HG'<1$7$F$$$^$9!#�(B
----
// �$BLZ2<@'M:!VM}2J7O$N:nJ85;=Q!WCf8x?7=q�(B 624 �$B$rFI$b$&�(B!!
�$B>.Eg�(B �$BH%�(B - KOJIMA Hajime
[Office] kjm@rins.ryukoku.ac.jp, http://www.st.ryukoku.ac.jp/~kjm/
Phone: 077-543-7414 Fax: 077-543-0706
From: Koga Youichirou <y-koga@mms.mt.nec.co.jp>
Date: Fri, 31 Mar 2000 12:48:36 +0900 (JST)
Subject: [ftpd 667] Re: controll and data connections must be separatedfor 3 parties.
�$BEOn4$5$s�(B:
> �$B$5$F!"�(BFile Transfer Protocol �$B$K$D$$$F!"0J2<$N$h$&$Jhttp://galaxy.trc.rwcp.or.jp/text/cgi-bin/newsarticle?ng=fj.unix&id=<8978.910863233@rananim.ie.u-ryukyu.ac.jp>&hd=a
> (A) data �$B$ru67$G$O!"�(Bcontrol connection �$B$H�(B data
> connection �$B$,J,$+$l$F$$$k$3$H$,K\AwItJ,$N%W%m%H%3%k$,$@$5$$$N$G$"$C�(B
�$B$F!"5-;v$Ghttp://galaxy.trc.rwcp.or.jp/text/cgi-bin/newsarticle?ng=fj.unix&id=<75vats$a2r$1@horse.fsinet.or.jp>&hd=a
> (B) data �$BE>Aw$K4X$o$k#2$E$1$i$l$?35G0$O�(B
�$B$"$j$^$;$s$G$7$?$,!"9M$(J}$H$7$F6a$$$b$N$,$b$H$H$J$C$?$s$8$c$J$$$+$H;W�(B
�$B$$$^$9!#�(B
----
�$B$3$,$h$&$$$A$m$&�(B
�$B;29MJ88%�(B
From: "Hisayuki Nomura" <hnomura@fa2.so-net.ne.jp>
Date: Fri, 31 Mar 2000 13:57:41 +0900
Subject: [ftpd 668] Re: controll and data connections must be separatedfor 3 parties.
ML�$B$KEj9F$9$k$N$O=i$a$F$J$N$G!"%^%J!<0cH?$J$I$"$l$P$4;XE&$/$@$5$$!#�(B
> �$BO78e$N%\%1M=KI$K%3%s%T%e!<%?%M%C%H%o!<%/$NJY6/$r;O$a$h$&$H$7$F$ku67$G$O!"�(Bcontrol connection �$B$H�(B data
> connection �$B$,J,$+$l$F$$$k$3$H$,K\Aw$H!"%U%!%$%kE>Aw$H$$$&JL$NFs$D$N$b$N$G$"$C$?!"�(B
�$B!!$H$$$&Nr;KE*7P0^�(B
(2) data�$B$rAw$9$k$H$-$N%W%m%H%3%k$G!"�(B
�$B%U%!%$%k$NFbMF$G$"$k%G!<%?$H!"$=$N%G!<%?E>Aw$r@)8f$9$k$?$a$N%3!<%I�(B
�$B!J=*C<%3!<%IEy!K0J30$O%G!<%?%i%$%s$rN.$l$^$;$s�(B
�$B$G!"#F#T#P$O!"$3$N�(BData-Transfer-Protocol�$B$rMxMQ$7$F!"%G!<%?$N$^$H$^$j$G�(B
�$B$"$k!V%U%!%$%k!W$rAw$KBg$-$JJQ99�(B
�$B$,2C$($i$l$F$$$^$9$,!"!V%W%m%H%3%kFs$D!W$NItJ,$KBg$-$JJQ99$,$J$5$l$J�(B
�$B$+$C$?M}M3$O$o$+$j$^$;$s!#�(B
�$B$D$^$j!"#F#T#P$G@)8f%j%s%/$H%G!<%?%j%s%/$,J,$+$l$F$$$k$N$O!"$b$H$b$HJL$N�(B
�$B$b$N$@$C$?$+$i$G$"$j!"$=$l0J>e$G$b$=$l0J2<$G$b$J$$$H;W$$$^$9!#�(B
(2)�$B$H9M$($kM}M3�(B
�$B2a5n$N�(BRFC�$B$K$*$$$F$O!"!V#F#T#P$NA`:n5!4o!W$O!"%@%`CAw$b$G$-$k!W$N$G$O$J$/!"!V%5!<%P!<4VE>Aw$,4pK\!W�(B
�$B$G$"$C$?$3$H$,A[A|$G$-$^$9!#�(B
�$B0J>e!"$+$J$j?dB,$,F~$C$F$$$^$9$,!"8m$j$J$I$"$l$P!"$4;XE&$$$?$@$1$l�(B
�$B$P9,$$$G$9!#�(B
--------------------------------------------
�$BLnB
その後電子化されたようで、現在は各種RFCアーカイブサイトで参照できる。
From: WATANABE Katsuhiro <katsu@sra.co.jp>
Date: Wed, 27 Jun 2001 15:08:55 +0900
Subject: [ftpd 784] Re: controll and data connections must be separatedfor 3 parties.
�$B;d$N=q$$$?�(B http://www.sra.co.jp/people/katsu/doc/ftp/responses.html �$B$G!'�(B
> RFC264: "The Data Transfer Protocol"; A. Bhushan, B. Braden, W. Crowther,
> E. Harslem, J. Heafner, A. McKenize, B. Sundberg, D. Watson, J. White ;
> Jan-04-1972. �$BK\2H�(BIETF�$B$N�(Brepository�$B$r4^$a!"�(BThe Internet �$B>e$N$I$3$K$b$_$D$+$i$J�(B
> �$B$$!#M}M3$OFf!#�(B
�$B$3$l$KBP$7$F!"�(B
"Nomura, Hisayuki" <hnomura@fa2.so-net.ne.jp> �$B$5$s$$$O$/�(B [ftpd 783]
> �$B$H$N$3$H$G$7$?$,!"0JA0!"�(BRFC959�$B$rK.Lu$7$?$H$-$K$O3N$+$K8+$D$+$C$?$N�(B
> �$B$G$9$,!"$A$g$C$H�(BWeb�$B$GC5$7$?HO0O$G$O8+$D$+$j$^$;$s$G$7$?!#$`$%!&!&!&�(B
RFC264 �$B$O�(B typewriter �$B$GBG$?$l$?$=$&$G$9!#EE;R%F%-%9%HHG$OB8:_$;$:!"�(B
�$BCx
�$B$40U8+$446A[$d8m$j$N;XE&!"4XO"$9$k>pJs$r4?7^$7$^$9!#�(B
�$BEOn49n9(�(B
katsu@watanabe.name