RE: Passive FTP

From: Roberto Alcantara (roberto_at_fortalnet.com.br)
Date: 06/01/05

  • Next message: Nathan House: "Credit Card Crack Down"
    Date: Wed, 1 Jun 2005 08:31:46 -0300 (BRT)
    To: security-basics@securityfocus.com
    
    
    

    Thank you of your and all others answers.

    I will look more about proftp and vftp config to see about IP range to
    passive mode.

    Best regards,
           Roberto Alcântara

    On Wed, 1 Jun 2005 Tim.BUTTON@dest.gov.au wrote:

    >
    > It will depend on if your firewall does stateful inspection or not and
    > how it handles FTP in general. FW1, Gauntlet, Sidewinder and Cyberguard
    > all inspect the FTP traffic and are able to recognise the outgoing data
    > connection from the client to the server - therefore, the only rule you
    > need to add is the one to allow the client to go outbound to the server
    > on 21. I'm unsure about devices such as Pix.
    >
    > FWIW, I've found most devices actually handle passive better than they
    > do active....
    >
    > Cheers
    > Tim
    >
    >
    >
    > -----Original Message-----
    > From: Roberto Alcantara [mailto:roberto@fortalnet.com.br]
    > Sent: Tuesday, 31 May 2005 23:09
    > To: security-basics@securityfocus.com
    > Subject: Passive FTP
    >
    > Guys, to able my FTP users in passive mode need I realy accept in my
    > firewall connections from 1024-65535 ports ?
    >
    > Best regards,
    > Roberto
    >
    >
    > Notice:
    > The information contained in this e-mail message and any attached files may
    > be confidential information, and may also be the subject of legal
    > professional privilege. If you are not the intended recipient any use,
    > disclosure or copying of this e-mail is unauthorised. If you have received
    > this e-mail in error, please notify the sender immediately by reply e-mail
    > and delete all copies of this transmission together with any attachments.
    >
    >
    >

    -- 
       Roberto Alcantara Filho          e-mail:  roberto@fortalnet.com.br
       Técnico de CPD , FORTALNET       url:  http://www.fortalnet.com.br
       Provedor de Acesso à Internet    fone/fax:      (+55) 85 4005 8000
    

  • Next message: Nathan House: "Credit Card Crack Down"

    Relevant Pages

    • RE: FTP Client issues
      ... when I use FileZilla or smartFTP, ... 227 Entering Passive Mode. ... > after logging on the FTP server: ... > | Thread-Topic: FTP Client issues ...
      (microsoft.public.windows.server.sbs)
    • Re: FTP on IIS6.0 Not Working
      ... can you login via ftp.exe to your IIS server? ... >From a remote machine using ftp.exe I can login and it accepts my password. ... (that's without passive mode checked...with passive mode checked it just ... server seem to indicate that I successfully logged in to ftp, ...
      (microsoft.public.inetserver.iis.ftp)
    • Odd ftpd Problem
      ... My ftpd server fails when requesting passive mode from an internet client, ... I have a separate multi-homed server for the network firewall. ... except for the ftp passive mode. ...
      (linux.redhat.misc)
    • Re: FTP server behind a PF firewall (including NAT)
      ... > Thank you, but I have a working PF configuration for FTP clients, both ... > for active and passive mode. ... > this firewall) that allows both active mode and passive mode clients. ... > Active-mode transfers are the easiest (again, allow connections to all ...
      (comp.unix.bsd.freebsd.misc)
    • Re: VSFTP in passive mode
      ... When I FTP into the site I get connected but when I ... If I exit passive mode by entering "pass" the directory comes across. ... with them having to accept incoming connections ... originating from port 20 of the FTP server they're connecting to. ...
      (alt.os.linux.redhat)