Firewalls: Re: To go with the discussion of FSP and version 2++

Firewalls
(May 1993)

Indexed By Thread: [Previous] [Next]

Subject:	Re: To go with the discussion of FSP and version 2++
From:	Chris Johnston <chris @ cs . uchicago . edu>
Date:	Tue, 18 May 93 17:48:28 CDT
To:	Firewalls @ GreatCircle . COM

Hello All,

    Let me see if I've got this right.  FTP proxy servers are good.
FSP repeaters are bad. :)

    IMHO Since neither FTP or FSP use cryptographic authentication,
you can never know who is at the far end. :)

    Could the FBI wire tap spread spectrum FSP repeaters? :)

    Do the available TCP proxy servers require one side of the
connection be inside the firewall and the other outside?

    If both the client and daemon FSP ports were "well known" would it
be secure?  Allegedly FSP presents a lighter load to the server and a
heavier load to the network.  Can it be fixed?

    Packet filtering "established" FTP connections is impossible since
it uses two channels.  FTP requires a separate server process for each
connection.

    Clearly both FTP and FSP have drawbacks, perhaps it really is time
to reinvent this service.  How about a new file transfer service that
only uses one channel, behaves well on slow links, has high
throughput, presents a light load to the server, authenticates the
user and encrypts the payload.

regards,
cj
312-786-4889

Indexed By Date	Previous:	[no subject] From: "A.Bygrave" <max @ buckscollege . ac . uk>
Indexed By Date	Next:	Turning off packet forwarding on SCO Unix V.3.2.4 From: Tony Carrato <carrato @ mhinfo . com>
Indexed By Thread	Previous:	Re: To go with the discussion of FSP and version 2++ From: chk @ alias . com (C. Harald Koch)
Indexed By Thread	Next:	Public domain version of igateway From: lyle @ ceco . ceco . com (Lyle M. Holman)