[15679] in bugtraq
Re: ftpd: the advisory version
daemon@ATHENA.MIT.EDU (D. J. Bernstein)
Fri Jul 7 15:49:13 2000
Message-Id: <20000706182014.27509.qmail@cr.yp.to>
Date: Thu, 6 Jul 2000 18:20:14 -0000
Reply-To: "D. J. Bernstein" <djb@CR.YP.TO>
From: "D. J. Bernstein" <djb@CR.YP.TO>
To: BUGTRAQ@SECURITYFOCUS.COM

monti writes:
> *allowing* other than src-20 active data connections through a firewall,

Why are you allowing PORT-style FTP through your firewall? See RFC 1579.
Can I scan port 6000 on your hosts if I set my source port to 20?

Netscape uses PASV. The OpenBSD ftp client uses PASV. The Linux ftp
client uses PASV if you give it the -p option. Internet Explorer uses
PASV. What makes you think that requiring PASV will noticeably increase
the level of user annoyance at your firewall?

---Dan
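
An added example, not part of the original message: a small audit of an iptables-save ruleset for the pattern questioned above, ACCEPT rules that trust inbound TCP only because its source port is 20. The sample rules and function names are constructed for illustration, numeric ports are assumed, and the default probe port 6000 is the one named in the message.

```python
import shlex

# Constructed sample ruleset in iptables-save syntax (not from the original post).
SAMPLE_RULES = """\
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 --dport 1024:65535 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp --sport 20 -d 192.0.2.10 -j ACCEPT
-A OUTPUT -p tcp --sport 20 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
"""

INBOUND_CHAINS = {"INPUT", "FORWARD"}
STATE_FLAGS = {"--state", "--ctstate"}

def option(tokens, flags):
    """Return the value following the first of `flags`, or None if absent."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags:
            return tokens[i + 1]
    return None

def dport_allows(spec, port):
    """True if a --dport spec ('N' or 'LO:HI') covers `port`; no spec means every port."""
    if spec is None:
        return True
    lo, sep, hi = spec.partition(":")
    low = int(lo) if lo else 0
    high = int(hi) if hi else (65535 if sep else low)
    return low <= port <= high

def audit(ruleset, probe_port=6000):
    """Return (rule, probe_port_reachable) for rules that accept on source port 20 alone."""
    findings = []
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[1] not in INBOUND_CHAINS or "!" in tokens:
            continue  # other chains and negated matches are not evaluated here
        if option(tokens, {"-j", "--jump"}) != "ACCEPT" or option(tokens, {"-p", "--protocol"}) != "tcp":
            continue
        if option(tokens, {"--sport", "--source-port"}) not in ("20", "ftp-data"):
            continue
        state = option(tokens, STATE_FLAGS)
        if state and "NEW" not in state.split(","):
            continue  # only already-tracked connections match, not arbitrary new ones
        findings.append((line, dport_allows(option(tokens, {"--dport", "--destination-port"}), probe_port)))
    return findings

if __name__ == "__main__":
    for rule, reachable in audit(SAMPLE_RULES): print(reachable, rule)
```

Restricting the rule to unprivileged destination ports, as the second sample rule does, still leaves port 6000 reachable from any sender that picks source port 20.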