Re: Windows XP and FTP

["Fabien Degouet" <fdegouet () conthackto com mx>]

Hi guys,

I do not use the XP's firewall but it looks like a really common issue with
ftp.
Just a quick refresh about FTP:
    - FTP opens a "command" session through port 21/tcp, this session will
stay alive until you get disconnected. All the others are opened and closed
for every command you pass.
    - For every command you enter, the result is transfered through an
aditionnal session that can be opened in 2 different ways:
                1- Active mode (default for XP's native ftp client):
                 Through the command PORT the client will say to the server
where it waits for DATA connection. The server then connects to this dynamic
port                         (from source port 20/TCP - ftp-data) and gives
the result to the command (listing, file, etc).
                2- passive mode (you switch with the PASV command or
passive, you can change this in the IE options I think)
                The SERVER sends the PORT command with the port it will open
for the DATA connection. The CLIENT will then connect and both ports
(source/dest) are dynamic. This was used to solve the problem with some
stateful firewalls that did not let go through the incoming DATA sesion in
active mode.

The XP's firewall blocks every "new" incoming session, and even if you say
let ftp (21/tcp) go through you can still have some trouble if XP's fw can
not dynamically read the PORT command and open the port for you. A passive
FTP should be the solution as all the sessions are from the client. I think
you change the default behaviour in the IE options.

I hope this helps,

Fabien

The ftp.exe of XP does
----- Original Message ----- 
From: <koremeltdown () hotmail com>
To: <security-basics () securityfocus com>
Sent: Monday, January 09, 2006 7:10 PM
Subject: Windows XP and FTP


> Hi there list,
>
> I have come accross something that I am not sure how to tackle.
> I have Windows XP (as do many of my clients) and have noticed something
strange.
> When trying to access my server(s) via FTP, when Windows (XP Pro) Firewall
is turned on, you cannot perform this task. Sometimes it has problems
resolving the hostname, sometimes it just doesn't connect at all.
> When disabling Windows Firewall FTP works fine, however when just enabling
FTP Access via the firewall configuration it doesn't seem to want to work.
My XP using clients seem to be having the same problem.
> I could ask all of my XP using clients to just disable their XP Firewall
when uploading their websites via FTP, but I don't think the more savvy
customers would appreciate doing that (they are smart enough to realise what
it means to disable a firewall on todays internet).
> My question to the list is, does anyone know how to correctly configure XP
Firewall to get around this issue, or is disabling the firewall the only
way? I would like to include this in my FAQ, so the easier workthrough the
better.
> THanks guys and gals!
>
> Kindest of regards,
>
> Hamish Stanaway, Director
>
> Absolute Web Solutions (New Zealand) Limited
> http://www.absolutewebhosting.biz/
>
> --------------------------------------------------------------------------
-
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity
Planning,
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------