Re: vsftpd under Debian sarge

From: Fabio C. (fabio_at_non-existent.int)
Date: 01/31/05


Date: Mon, 31 Jan 2005 18:31:28 +0100

Stevey wrote:
> Using NAT and ftp using SSL is a bit tricky from a firewall perspective
> since an active mode connection will not be handled automatically by the
> ftp connection tracking module since this data is passed over the
> ENCRYPTED communication channel. If you are getting connection refused,
> like you are, the firewall at the other end is obviously not playing
> ball. What FTP client are you using since I do NOT see any SSL
> handshake taking place. You are NOT using the shit one that comes with
> windows are you?! This FTP client doesn't SUPPORT FTP over SSL. Also do
> you NEED both channels encrypting or only the communication channel to
> protect user/pass info? If you don't need the data encrypting you can
> tunnel using ssh, and run a normal FTP server (proftpd/wuftpd etc) at the
> other end along with sshd.

I'm not using SSL and I don't mention connection encrypting in my
original post :-)

I'm also not getting connection refused since it closes the connection
after receiving the login user, that means it's some security policy
applied by the system or directly by vsftpd (but I assure the last
guess, since all other services are working fine - ssh, http and other
open ports -).

Probably the windows' ftp client is shit (please tell me why :-) but I'm
not using SSL, definitely.

> It's linked, OK.. but is it called from /usr/sbin/tcpd via some inetd
> mechanism?

vsftpd is started as standalone daemon and no wrapping is called inside
the configuration files.

Rgds,
Fabio


