Vulnerability Development mailing list archives
Re: PORT or PASV mode of IIS 4.0's FTP
From: Adam Prato <sirsyko () MERGIOO ISHIBOO COM>
Date: Thu, 3 Aug 2000 00:17:05 -0400
On Wed, Aug 02, 2000 at 06:30:01PM -0400, C. K. Lung wrote:
> What is the "mode" of a FTP server running on MS IIS 4.0 w/sp6a? Is it "normal/standard", "passive" or both? Can it be configured by the administrator?
>
> How about the ftp client that comes with Solaris? Is "normal", passive or both?
>
> The ftp client is trying to "get" 15,000 1-K files from the IIS's FTP server, the connection is killed by FW-1 after it got 100 files. The fw-log shows that when the client's "source port" hit a "pre-defined service" (port) in the rulebase, the connection is dropped. CP explained that FW-1 thought that it was a security violation.
>
> Talked to many people at work, no-one could offer any explanation. Any pointers are appreciated.
>
> Thanks,
> CLUNG
Whether it's "passive" or "active" is a function of the client, not the server. A server *could* be configured to not accept passive, or active, or both. Please investigate how ftp works for more information. Reading either Kit Knox or Hobbit's FTP white papers should give you more insight into the issues regarding ftp.

But in a nutshell:

passive ftp = the following commands
    PASV
    <transfer command>

active ftp = the following commands
    PORT A,B,C,D,X,Y
    <transfer command>

The difference between the PASV and the PORT command is: who is the "client" socket and who is the "server" socket.

In the case of PASV, the FTP SERVER becomes the "server socket". This means that the ftp client connects to the ftp server, and the ftp server sends the data.

In the case of the PORT command the FTP CLIENT becomes the "server socket". This means that the ftp server connects to the ftp client, then the ftp server sends the data.

<transfer command> is either STOR, RECV, NLST, and others.

If *none* of this makes sense, search altavista for the papers written by Kit Knox or Hobbit, or even peruse the FTP protocol specification. Or even better yet, invest some money in the W. Richard Stevens books on network programming (not directed specifically at you, directed at the learning community).

<ss>
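An added example, not part of the original posts: a small Python audit of FTP control-channel lines that decodes each `PORT A,B,C,D,X,Y` command or `227` reply to PASV into the data-channel listener and port, then flags ports that coincide with a service defined in a firewall rulebase. The port arithmetic (X*256 + Y) and the `227` reply format come from the FTP specification (RFC 959), not from the thread; `DEFINED_SERVICES` and the sample lines are constructed assumptions.

```python
import re

# Six decimal fields: host octets A,B,C,D and port bytes X,Y (port = X*256 + Y).
_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed stand-in for services defined in a firewall rulebase (assumption).
DEFINED_SERVICES = {1433: "ms-sql", 1521: "oracle", 2049: "nfs", 6000: "x11"}


def parse_endpoint(line):
    """Return (mode, listener, ip, port) for a PORT command or 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode, listener = "active", "client"    # client opens the listening socket
        m = _SIX.fullmatch(text[5:].strip())
    elif text.startswith("227"):
        mode, listener = "passive", "server"   # server opens the listening socket
        m = _SIX.search(text[3:])
    else:
        return None
    if m is None:
        raise ValueError("malformed address in: %r" % text)
    fields = [int(f) for f in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in: %r" % text)
    ip = ".".join(str(f) for f in fields[:4])
    return mode, listener, ip, fields[4] * 256 + fields[5]


def audit(lines, services=DEFINED_SERVICES):
    """List data-channel endpoints, flagging ports that match a defined service."""
    findings = []
    for line in lines:
        ep = parse_endpoint(line)
        if ep is not None:
            findings.append(ep + (services.get(ep[3]),))
    return findings


# Constructed control-channel lines (not taken from the thread).
SAMPLE = [
    "PORT 10,1,1,5,5,152",                           # 5*256 + 152 = 1432
    "NLST",
    "PORT 10,1,1,5,5,153",                           # 5*256 + 153 = 1433
    "STOR file0002",
    "227 Entering Passive Mode (192,168,7,20,8,1)",  # 8*256 + 1 = 2049
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```
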