Firewalls: New ftp behavior

Firewalls
(October 1997)

Indexed By Thread: [Previous] [Next]

Subject:	New ftp behavior
From:	dharris @ kcp . com
Date:	Thu, 23 Oct 1997 11:18:12 -0500
To:	mbloomer @ kcp . com, sralstin @ kcp . com, firewall-wizards @ nfr . net, firewalls @ greatcircle . com
Cc:	cbailey @ kcp . com, dmchugh @ kcp . com

This one is new to me so I don't know what to do about it.

I had a customer trying to use Netscape Navigator to download a file 
through an ftp:// URL on a Web page at a vendor site. They received the 
error

   FTP File Transfer Failed: The FTP request could not be completed because 
   the server is responding in an insecure manner. 

I checked the logs and discovered that, although the original ftp 
connection was made to xxx.xxx.xxx.yyy, the response was coming from 
xxx.xxx.xxx.zzz.  The firewall very properly considered this an attempt to 
hijack an open port and closed the ftp transaction.

What causes the remote site to behave this way?  It looks like the command 
portion of the ftp transaction is done with xxx.xxx.xxx.yyy while the data 
portion is done with xxx.xxx.xxx.zzz. Maybe this is done for load-sharing, 
but it sure doesn't get past MY firewall.

                                Delmer

Follow-Ups:

New ftp behavior
From: Petri Virkkula <pvirkkul @ iki . fi>

Indexed By Date	Previous:	Re: R: Firewalls, and virus From: David Lang <dlang @ diginsite . com>
Indexed By Date	Next:	Re: Unlimited Users Firewalls From: "Billy Verreynne" <vslabs @ onwe . co . za>
Indexed By Thread	Previous:	Re: M$ PPTP over FWTK toolkit. From: "Alex A. Smirnoff" <ark @ convey . ru>
Indexed By Thread	Next:	New ftp behavior From: Petri Virkkula <pvirkkul @ iki . fi>