[4796] in WWW Security List Archive
FW: tcp/ip ports to enable on NT, to allow ftp access from browser
daemon@ATHENA.MIT.EDU (Fred Patton)
Thu Mar 13 11:32:27 1997
From: Fred Patton <fpatton@elecede.com>
To: "'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>
Date: Sat, 8 Mar 1997 12:55:12 -0800
Errors-To: owner-www-security@ns2.rutgers.edu
-----Original Message-----
From: Fred Patton
Sent: Saturday, March 08, 1997 12:54 PM
To: 'Laurent O. F. Fough, Mgr. Web Development'
Subject: RE: tcp/ip ports to enable on NT, to allow ftp access from
browser
I've just encountered that difficulty as well. When connecting
through the browser, data port 20 hands to request to another port,
typically over 1024. There are some registry settings for IIS, and
FTP in particular. I have not found different configuration options
to avail in this matter. From what I have gleaned, the browser
implementation of the FTP protocol is rather shallow, and definitely
incomplete, particularly when it comes to security. In my case, I
re-thought my particular needs. I have two types of FTP clients: 1)
pure consumers of information (simple downloading), and 2) those which
have upload requirements, and thus, access to space on my server. For
group 1, there is no necessity to go through FTP with a browser, such
as ftp://username:password@myplace.com when password-protected
sections of the site can provide the exact same service. On the other
hand, I leave true FTP clients (non-browsers) the option of going
through FTP for the same information. With group 2, for uploading,
they are not using a browser to begin with, and since browser FTP is a
security issue, I wouldn't want to let them anyway. As you noted,
there is no difficulty for them, as they use a true FTP client. They
solved it for me. I am interested to know anything else others have
to say on the subject. I don't doubt the possibilities of alternative
solutions or workarounds, but the way I see it, I don't seem to
absolutely require them in my case. Best of luck.
Cheers.
F. Patton
-----Original Message-----
From: Laurent O. F. Fough, Mgr. Web Development
[SMTP:lfough@caribfx.com]
Sent: Friday, March 07, 1997 10:43 AM
To: WWW-Security
Subject: tcp/ip ports to enable on NT, to allow ftp access from
browser
I am currently enable tcp/ip port filtering on an NT box, running
4.0.
The problem when I enable only ports 20,21,80 & 81(the standard ftp
and
http ports), I can connect using HTTP(WWW), and FTP(using DOS & UNIX
clients).
Problem: I cannot connect to the machine's ftp port using a browser.
Can someone enlighten me as all the ports needed for correct &
efficient
access to a site that only provides mail, ftp and http service.
P.S.: I am using the Windows NT Security Handbook and it is not
proving
to be very useful, there is a listing of available ports, but no
specific info. on the needed or integral ones.
Thanks in advance.
Regards,
Laurent
