Re: ZoneAlarm blocks FTP apps

From: Wolfgang Kueter (wolfgang_at_shconnect.de)
Date: 01/21/05

• Next message: nick: "Re: Linux PC cannot ping, but Windows can?"
• Previous message: achi: "Zyxel Prestige 660H: Access server by global ip address"
• In reply to: in2minds: "Re: ZoneAlarm blocks FTP apps"
• Next in thread: Casey: "Re: ZoneAlarm blocks FTP apps"
• Reply: Casey: "Re: ZoneAlarm blocks FTP apps"
• Reply: Matt Beckwith: "Re: ZoneAlarm blocks FTP apps"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 21 Jan 2005 17:26:14 +0100

in2minds wrote:

>> For the record, in the "Firewall" section of ZoneAlarm: if I select
>> "Medium"
>> for the Internet Zone Security, then FTP works. It's only when I
>> leave it on
>> the (default) setting of "High" that it blocks FTP from listing site
>> contents.
>>
>
> it's not ZA,

Wrong.

> it's more than likely the remote server blocking your
> access because it can't do reverse DNS (or so I've been told).

Complete Nonsense.

> ZA set on High hides your IP address, so you'll just have to set it to
> medium when you're FTPing...

Again: Complete nonsense. If you IP is hidden, you don't get back a single
packet from any computer using whatever protocol. It is a problem that has
to do with the fact, that ftp use two (!) connections (command and the data
channel) using different ports and that there are two possibilities (active
and passive mode) about how the connection properties for the data channel
are handled and set up between client and server. When using active mode,
the client becomes the server and you need to allow an incoming connection
to Port 20.

> ... I have the same problem

which is that have no clue. Play around with ftp connecttions using both
modes and sniff the traffic. Read the RfC describing the ftp protocol,
analyse the results from your sniffer.

Wolfgang

---

• Next message: nick: "Re: Linux PC cannot ping, but Windows can?"
• Previous message: achi: "Zyxel Prestige 660H: Access server by global ip address"
• In reply to: in2minds: "Re: ZoneAlarm blocks FTP apps"
• Next in thread: Casey: "Re: ZoneAlarm blocks FTP apps"
• Reply: Casey: "Re: ZoneAlarm blocks FTP apps"
• Reply: Matt Beckwith: "Re: ZoneAlarm blocks FTP apps"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: FTP Server setup... Im so close! ... > I have installed the Internet Information Services, etc, and have the FTP ... Your external client is trying to use Passive Mode. ... Since your server is behind NAT, ... (microsoft.public.windowsxp.network_web) Re: Microsoft FTP Server problem on W2K? ... I have technical responsibility for this FTP implementation, ... Since PASV voids PORT, the client side ... connect to the server from" isn't implied by the text of the RFC. ... (microsoft.public.inetserver.iis.security) Re: Windows XP FTP Server time out errors with FTP clients ... FTP server will not work with certain FTP clients ... > mainly internet explorer's FTP client. ... > connection from the client but when they run a dir or any ftp command ... (microsoft.public.windowsxp.network_web) [NEWS] Directory Traversal Vulnerabilities in FTP Clients ... vulnerable to certain directory traversal attacks by modified FTP servers. ... file/directory permissions and the privilege level of the client. ... A malicious server could potentially overwrite key files to cause a denial ... your vendor, or the associated CERT vulnerability note, if your product is ... (Securiteam) Re: Configure ISA to allow ISA Server to make external FTP Connect ... your Server name and select properties, Installation mode is listed at the ... client, as well as being all three at the same time. ... This means that the workstation has the proxy server details ... Enter the name 'FTP Access', press next twice, from the drop down box ... (microsoft.public.isa.configuration)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)