Re: active ftp through firewall
phn_at_icke-reklam.ipsec.nu
Date: 05/20/04
- Next message: Dana Harris: "Making cgi-bin non browsable"
- Previous message: Barry Margolin: "Re: active ftp through firewall"
- In reply to: jpd: "Re: active ftp through firewall"
- Next in thread: jpd: "Re: active ftp through firewall"
- Reply: jpd: "Re: active ftp through firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 May 2004 16:54:34 +0000 (UTC)
In comp.security.misc jpd <read_the_sig@do.not.spam.it> wrote:
> ["Followup-To:" header set to comp.security.unix.]
> On 2004-05-20, Barry Margolin <barmar@alum.mit.edu> wrote:
>> Firewalls are supposed to watch the traffic on the FTP command channel,
>> and notice when a PORT command goes through so that they can open up
>> that port for an inbound connection from the FTP server.
> And why do you suppose them to do so? A simple port blocking firewall
> does no such thing. Some firewalls (``application level'' I have in my
> head, but I might be wrong) can indeed do that, but it's by no means
> standard for everything that might be called a firewall.
Firewalls comes in many flavors. From the (too)simple ones who
can't keep state and/or do ftp up to "real ones".
I think the simple d-link 604 can do ftp, and that must be defined
as "entry-level". So any "firewall" that don't do ftp seems outdated.
> --
> j p d (at) d s b (dot) t u d e l f t (dot) n l .
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
- Next message: Dana Harris: "Making cgi-bin non browsable"
- Previous message: Barry Margolin: "Re: active ftp through firewall"
- In reply to: jpd: "Re: active ftp through firewall"
- Next in thread: jpd: "Re: active ftp through firewall"
- Reply: jpd: "Re: active ftp through firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
