[15707] in bugtraq
Re: ftpd: the advisory version
daemon@ATHENA.MIT.EDU (Mikael Olsson)
Mon Jul 10 04:23:41 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <396663F5.151F6210@enternet.se>
Date: Sat, 8 Jul 2000 01:12:53 +0200
Reply-To: Mikael Olsson <mikael.olsson@ENTERNET.SE>
From: Mikael Olsson <mikael.olsson@ENTERNET.SE>
X-To: "D. J. Bernstein" <djb@CR.YP.TO>
To: BUGTRAQ@SECURITYFOCUS.COM
"D. J. Bernstein" wrote:
>
> [snip]
> Internet Explorer uses PASV. What makes you think that requiring PASV
> will noticeably increase
> the level of user annoyance at your firewall?
Because Internet Explorer 5 does NOT use PASV by default any more;
it defaults to PORT.
That is:
* If you set IE5 to display FTP as a "file explorer", it uses PORT.
This is the default mode.
* If you set IE5 to "display FTP as a web page", is uses PASV.
Probably some geek coder thought "ah you can be active with file
explorer so we'll use active mode, while web pages are pretty passive
things, so we'll use passive mode".
Duh.
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/ E-mail: mikael.olsson@enternet.se
