Re: Another port forwarding question

From: Richard E. Silverman (slade@shore.net)
Date: 03/02/02

• Next message: joe@invalid.address: "Re: Another port forwarding question"
• Previous message: Richard E. Silverman: "Re: From the begining with ssh..PLEASE HELP!!"
• In reply to: joe@invalid.address: "Another port forwarding question"
• Next in thread: joe@invalid.address: "Re: Another port forwarding question"
• Reply: joe@invalid.address: "Re: Another port forwarding question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: slade@shore.net (Richard E. Silverman)
Date: 02 Mar 2002 17:34:15 -0500

>>>>> "joe" == joe <joe@invalid.address> writes:

    joe> From the ftp session I list the directory and get a file. I've
    joe> been capturing the session in a third window with tcpdump. When I
    joe> look at the tcpdump output I can see the directory listing and
    joe> the file I transferred in plain text. Same thing happens with and
    joe> without passive mode.

    joe> Anyone see what I'm doing wrong? Suggestions, slap upside the
    joe> head, etc welcome.

The only thing wrong is your expectations. The FTP protocol uses separate
TCP connections on dynamically-determined ports for data transfers (which
includes directory listings). Passive mode simply changes the direction
of these connections. Because of this (and other features), FTP is not
amenable to simple port forwarding. Your setup will only protect the FTP
control channel (which includes your password, so that's something).

There are SSH clients with FTP-specific forwarding, that munge the control
channel traffic and establish forwarding channels as needed to handle
FTP. The ssh.com product is one of them.

-- 
  Richard Silverman
  slade@shore.net

---

• Next message: joe@invalid.address: "Re: Another port forwarding question"
• Previous message: Richard E. Silverman: "Re: From the begining with ssh..PLEASE HELP!!"
• In reply to: joe@invalid.address: "Another port forwarding question"
• Next in thread: joe@invalid.address: "Re: Another port forwarding question"
• Reply: joe@invalid.address: "Re: Another port forwarding question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Secure FTP ... Information About the IIS File Transmission Protocol (FTP) Service ... "Joe" wrote in message ... > However what am I supposed to see and how can I secure> this to use on a regular basis on the internet? ... (microsoft.public.inetserver.iis.ftp) Re: auto file transfer to a dmz ... Joe Letter wrote: ... > using ssl ftp to ensure security of the information stored on the ftp ... > I can think of a number of other uses for Cesar, ... (microsoft.public.backoffice.smallbiz2000) Re: Another port forwarding question ... > joe> From the ftp session I list the directory and get a file. ... > joe> been capturing the session in a third window with tcpdump. ... > control channel ... (comp.security.ssh) Re: perl rpm links needed - Suse 10 ... >> Hi Joe ... You need to add the additional sources in yast ... >> Protocol: ftp ... the word Authentication at the end.... ... (alt.os.linux.suse) RE: ftp ... >hi Joe, ... >Start Internet Explorer. ... for FTP sites check ... >> it directs me to a ftp instead of a http. ... (microsoft.public.windows.inetexplorer.ie6.browser)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2002-03