Re: Why does passive FTP work behind router/firewall?

From: Duane Arnold (notme_at_notme.com)
Date: 02/19/04

• Next message: chris_at_nospam.com: "Re: Using Old OS for Security"
• Previous message: Georges Heinesch: "Re: Why does passive FTP work behind router/firewall?"
• In reply to: Georges Heinesch: "Re: Why does passive FTP work behind router/firewall?"
• Next in thread: Georges Heinesch: "Re: Why does passive FTP work behind router/firewall?"
• Reply: Georges Heinesch: "Re: Why does passive FTP work behind router/firewall?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 19 Feb 2004 06:15:37 GMT

Georges Heinesch <void@void.com> wrote in news:403452fa_1@news.vo.lu:

> ObiWan wrote:
>
>> Sorry for jumping here barefoot .. but afaict your router has SPI
>> this means that it is smart enough to recognize an FTP session
>> taking place and to open/accept all the needed connections
>> for the session to work, or ... that's what I strongly suspect :-)
>
> As far as I understood, SPI is a firewall feature, which prevents
> intrusion. Here some excerpt from the SMC manual:
>
> [
> ... When the SPI (Stateful Packet Inspection) feature is turned on, all
> incoming packets will be blocked except for those types marked with a
> check in the Stateful Packet Inspection section.
>]
>
> I don't think that SPI is analysing the packets with the aim to detect
> FTP outgoing packets with port information and PASV data transfer
> requests and to subsequently open relevant prots on the router.
>
> Is this not beyond the scope what SPI is menat for?
>
> TIA
>

Stateful Packet Inspection is another means of stopping unsolicted
inbound traffic from coming down a port, along with some other things.
PASV and FTP port mapping is not one of the functions.

Duane :)

---

• Next message: chris_at_nospam.com: "Re: Using Old OS for Security"
• Previous message: Georges Heinesch: "Re: Why does passive FTP work behind router/firewall?"
• In reply to: Georges Heinesch: "Re: Why does passive FTP work behind router/firewall?"
• Next in thread: Georges Heinesch: "Re: Why does passive FTP work behind router/firewall?"
• Reply: Georges Heinesch: "Re: Why does passive FTP work behind router/firewall?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: D-Link DI-804HV Router Firewall SPI Function ... A firewall that uses Stateful Packet Inspection ... Is this a router hardware problem or do I ... What does SPI mean? ... For every inbound packets of data/traffic or connection ... (comp.security.firewalls) Re: D-Link DI-804HV Router Firewall SPI Function ... A firewall that uses Stateful Packet Inspection ... Is this a router hardware problem or do I ... >> misunderstand the proper function of SPI? ... For every inbound packets of data/traffic or connection ... (comp.security.firewalls) Re: SPI? ... >> That is incorrect in this context. ... Does the router do Stateful packet inspection? ... > So I would guess that SPI doesn't stand for Stateful packet inspection - Not ... (comp.security.firewalls) Re: D-Link DI-804HV Router Firewall SPI Function ... A firewall that uses Stateful Packet Inspection ... Is this a router hardware problem or do I ... >> misunderstand the proper function of SPI? ... For every inbound packets of data/traffic or connection ... (comp.security.firewalls) Re: firewall trouble? ... router does not do SPI, ... Another part of the manual has this: "To use the firewall (SPI), ... to one of my private machines from accross the internet, ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.firewalls  > 2004-02