Re: Forward ftp request another server

From: Hugo van der Kooij (hvdkooij@vanderkooij.org)
Date: 07/13/02


Date: Sat, 13 Jul 2002 11:49:54 +0200 (CEST)
From: Hugo van der Kooij <hvdkooij@vanderkooij.org>
To: Focus on Linux Mailing List <focus-linux@securityfocus.com>

On Fri, 12 Jul 2002, SB CH wrote:

> I would like to forward ftp requests to another server's other port to
> improve security. Is it possible?

The added protection is not that big. (If your ftp server is broken it
will take just a little longer to be broken into.)

> For example,
> I would like to forward ftp requests using port 26 to 211.1.1.1 port 100 or
> the same port (26).
> So I configured it like this (xinetd.conf), but this does not work:
>
> service ftp-proxy
> {
> flags = REUSE
> socket_type = stream
> protocol = tcp
> wait = no
> user = root
> groups = yes
> server = /usr/sbin/tcpd
> redirect = 211.1.1.1 26
> }
>
> Surely, any service which uses just one port works well,
> but FTP uses two ports, as you know.

Rewrite the FTP protocol. You need to be able to handle the specific
nature of FTP traffic and that will not work with just a port redirector.

BTW: There is no practical reason to use ftp for just about anything that
can not be solved by other protocols like SSH (encryption) or http
(simpler from a network point of view).

Hugo.

-- 
All email sent to me is bound to the rules described on my homepage.
    hvdkooij@vanderkooij.org		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.
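
Why a plain port redirector is not enough, as an added example that is not part of the original message: the FTP control channel carries the data-connection address inside PORT commands and 227 replies, so a relay has to parse and rewrite those lines. The proxy address 192.0.2.10, the port numbers and the `alloc_port` callback are constructed assumptions; 211.1.1.1 is the backend from the question.

```python
import re

# h1,h2,h3,h4,p1,p2 as sent in "PORT ..." and "227 Entering Passive Mode (...)"
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Return (ip, port) announced in a PORT command or 227 reply, else None."""
    if not (line[:4].upper() == "PORT" or line.startswith("227")):
        return None
    m = _TUPLE.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: not a valid address/port tuple
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def encode_endpoint(ip, port):
    """Encode ip/port back into the comma-separated FTP form."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])

def rewrite_line(line, proxy_ip, alloc_port):
    """Rewrite one control-channel line the way an FTP-aware relay must.

    alloc_port(ip, port) is a hypothetical callback that sets up a data
    forwarder to the real endpoint and returns the proxy-side port.
    Returns (line_to_forward, real_endpoint_or_None).
    """
    ep = parse_endpoint(line)
    if ep is None:
        return line, None  # ordinary command/reply: pass through untouched
    m = _TUPLE.search(line)
    new = encode_endpoint(proxy_ip, alloc_port(*ep))
    return line[:m.start()] + new + line[m.end():], ep

if __name__ == "__main__":
    # Constructed sample: backend 211.1.1.1 answers PASV with its own address.
    reply = "227 Entering Passive Mode (211,1,1,1,195,80)\r\n"
    # A bare redirector forwards this unchanged, so the client dials
    # 211.1.1.1:50000 directly and bypasses the redirected port entirely.
    print("unmodified ->", parse_endpoint(reply))
    fixed, real = rewrite_line(reply, "192.0.2.10", lambda ip, port: 40000)
    print("rewritten  ->", fixed.strip(), "(forwards to %s:%d)" % real)
```

With the xinetd `redirect` from the question, the 227 line reaches the client unmodified, which is the failure the reply describes.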


