Re: active ftp through firewall

From: Jason LaRue (aqdqmqiqnq_at_iqnteluser.no-ip.info)
Date: 05/20/04


Date: Thu, 20 May 2004 01:04:44 GMT

dey_indrani@hotmail.com (Pamela) wrote in
news:2f097839.0405191110.7c4d5b8c@posting.google.com:

> I am trying to send PORT command to a ftp server from the firewall
> machine. I am sending the public ip address to the ftp server. Looks
> like port command is successful because I get status = 200 for it.
> But after that ftp server is unable to initiate data connection to that
> port.
>
> I am able to do data connection using passive connection to this ftp
> server but not able to make active connection.

Here's what's going on:

When you send the PORT command, the server tries to connect
to your computer (as if you were running a server) on that
PORT. However, your firewall is blocking the connection from
the FTP server.

FTP Server                                      Your system

21 Control  <-----------Step 1----------------  OUT to Server
            <-------PORT xxxxx----------------  OUT to Server
20 DATA     ------------------------------->    Your system, port xxxx
                                                             ^^^^^^
                                       Incoming connection blocked by Firewall

You must tell your firewall to allow the inbound connection.
However, in their infinite wisdom, the creators of FTP made
the active connection use a RANDOM port on your computer.
Some FTP clients (such as FileZilla) allow you to restrict
the ports they use for the PORT command.
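As an added illustration (not part of the original thread), the Python below encodes and decodes the PORT argument described above, and binds the client's data listener inside a fixed port range so that a firewall rule can be written for it instead of having to allow a random port; the address 192.0.2.10 and the port range used are made-up values.

```python
import socket


def build_port_command(ip: str, port: int) -> str:
    """Encode the client's listening address as an FTP PORT command.

    RFC 959 sends the IPv4 address and the 16-bit port as six
    comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 where
    port = p1 * 256 + p2.
    """
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted IPv4 address")
    return "PORT %s,%d,%d" % (",".join(octets), port >> 8, port & 0xFF)


def parse_port_command(line: str) -> tuple:
    """Decode a PORT command line into (ip, port); what the server does
    before it tries to connect back to the client."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    parts = arg.split(",")
    if len(parts) != 6:
        raise ValueError("PORT needs exactly six fields")
    nums = [int(p) for p in parts]
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("field out of byte range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def open_data_listener(bind_ip: str, first: int, last: int) -> socket.socket:
    """Listen for the server's data connection on a port inside [first, last].

    Rather than letting the OS pick a random port (which no firewall rule
    can anticipate), walk a fixed range; the firewall then only needs to
    allow inbound TCP to that range, as the post suggests.
    """
    for port in range(first, last + 1):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.bind((bind_ip, port))
            s.listen(1)
            return s
        except OSError:
            s.close()
    raise OSError("no free port in %d-%d" % (first, last))
```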


