Re: The dreaded "Alternatives to NFS" question

From: Nick Maclaren (nmm1_at_cus.cam.ac.uk)
Date: 08/22/04

  • Next message: Atro Tossavainen: "Re: The dreaded "Alternatives to NFS" question"
    Date: 22 Aug 2004 09:12:20 GMT
    
    

    In article <barmar-C947A5.23032321082004@comcast.dca.giganews.com>,
    Barry Margolin <barmar@alum.mit.edu> wrote:
    >In article <cg8sn4$9oo$1@usenet.cso.niu.edu>,
    > Neil W Rickert <rickert+nn@cs.niu.edu> wrote:
    >> elvis@notatla.org.uk (all mail refused) writes:
    >>
    >> >I'm not very interested in whether the client uses port 20
    >> >as it proves so little.
    >>
    >> You should be interested. It is the server that uses port 20,
    >> not the client.
    >>
    >> The client opens a socket to listen (on a random port). It sends the
    >> PORT command to the server advising it of the port to use. Anyone
    >> doing packet sniffing could find that port and connect to it. The
    >> server connects back using source port 20. The client should not
    >> accept connections from source ports other than 20, as a protection
    >> against being sent bogus data.
    >
    >But in practice I don't think most clients check this. Shouldn't the
    >client also check that the connection is coming from the FTP server
    >address, and isn't that likely to provide about the same level of
    >protection?

    Yes. Also, binding is to the LOCAL port, and not the remote one,
    and therefore there is no reason (in theory, at least) why a socket
    cannot be bound once and used for many transfers. Now, the whole
    socket area is so appallingly specified that it is possible that
    there is no way to do that and match FTP's other requirements, but
    I am pretty sure that is not so (at least on some systems). To be
    absolutely certain, I should have to write code and experiment
    with a wide variety of systems, but man page entries like the
    following make me think that I am right:

           Send, sendto, and sendmsg are used to transmit a message
           to another socket. Send may be used only when the socket
           is in a connected state, while sendto and sendmsg may be
           used at any time.

           The address of the target is given by to with tolen specifying
           its size. ...

    It is certainly possible that I might be misremembering the second
    class of FTP use, and that the implementation I describe is not a
    correct implementation of the FTP protocol. But I don't think so.

    Regards,
    Nick Maclaren.
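The thread above describes active-mode FTP: the client listens on a port it picked, sends it in a PORT command, the server connects back from source port 20, and the client should refuse data connections from any other source port (and, as Barry adds, from any other address). The following is an added example, not code from this thread or any FTP implementation; it simulates that check locally. It assumes everything runs on 127.0.0.1, and because binding source port 20 needs privileges, the "legitimate" case tells the check to expect the ephemeral port the simulated server actually used, while the "spoofed" case expects port 20 and must be refused. The same listener is accepted on more than once, which is the bind-once-and-reuse pattern Nick argues for.

```python
import socket


def port_command_argument(ip, port):
    """Build the h1,h2,h3,h4,p1,p2 argument the client sends in PORT."""
    octets = ip.split(".")
    if len(octets) != 4 or not 0 <= port <= 65535:
        raise ValueError("bad address or port")
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def parse_port_argument(arg):
    """Inverse of port_command_argument: 'h1,h2,h3,h4,p1,p2' -> (ip, port).
    Rejects anything that is not six decimal fields in 0..255."""
    fields = arg.split(",")
    if len(fields) != 6:
        raise ValueError("PORT argument must have six fields")
    values = [int(f) for f in fields]
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError("PORT field out of range")
    ip = ".".join(str(v) for v in values[:4])
    return ip, (values[4] << 8) | values[5]


def open_data_listener(bind_ip="127.0.0.1"):
    """Bind the data socket once to a local ephemeral port; it can be reused
    for several transfers, since the binding is to the local port only."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((bind_ip, 0))
    s.listen(1)
    return s


def accept_data_connection(listener, server_ip, server_port=20, timeout=2.0):
    """Accept one inbound data connection, but keep it only if it comes from
    server_ip:server_port. Anything else is closed and None is returned,
    which protects against a third party who sniffed the PORT command."""
    listener.settimeout(timeout)
    conn, (peer_ip, peer_port) = listener.accept()
    if peer_ip != server_ip or peer_port != server_port:
        conn.close()
        return None
    return conn


def simulate_transfer(listener, spoof=False):
    """Constructed local simulation (assumption: everything on 127.0.0.1).
    A stand-in 'server' connects to the listener from an ephemeral port.
    spoof=False: the check expects that exact port (standing in for 20).
    spoof=True:  the check expects port 20, so the peer must be rejected.
    Returns True if the connection was accepted, False if refused."""
    peer = socket.create_connection(listener.getsockname())
    expected_port = 20 if spoof else peer.getsockname()[1]
    conn = accept_data_connection(listener, "127.0.0.1", expected_port)
    accepted = conn is not None
    if conn is not None:
        conn.close()
    peer.close()
    return accepted


if __name__ == "__main__":
    lst = open_data_listener()
    ip, port = lst.getsockname()
    print("client would send: PORT", port_command_argument(ip, port))
    print("legit peer accepted:", simulate_transfer(lst, spoof=False))
    print("spoofed peer accepted:", simulate_transfer(lst, spoof=True))
    print("listener reused, accepted again:", simulate_transfer(lst, spoof=False))
    lst.close()
```

The check is deliberately on both fields of the peer address: the source-port test alone is weak, since any host that can reach the listener could in principle originate from port 20, and the address test alone does not distinguish the server from another process on the same host.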

