Firewalls: Various FTPs

Firewalls
(October 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Various FTPs
From:	padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Date:	Thu, 12 Oct 95 21:20:04 -0400
To:	"firewalls @ greatcircle . com"@UVS1.dnet.mmc.com

I agree with Marcus concerning the probloms in FTP & possibly IPV6
will repair/replace it. For now I suspect that the answer is a
Firewall that will only allow an Inward port 20 connection if
the inside node already had a port 21 outward connection (No, I
do not mean via "established" I mean the firewall should beep track
of what connections exist).

This will work with current systems without retrofit.

Now on reclection I suspect macrosloth is different from the IWI site
(Marcus' code) since the lockup occurs on connection before I even
have a chance to issue PASV - that worked  to IWI.
						Warmly,
							Padgett

Follow-Ups:

Re: Various FTPs
From: "Mark A. Fullmer" <maf @ net . ohio-state . edu>
Re: Various FTPs
From: Scott Barman <scott @ Disclosure . COM>

Indexed By Date	Previous:	Re: NT FTP weirdness From: "Marcus J. Ranum" <mjr @ iwi . com>
Indexed By Date	Next:	New Scientist letter From: Steve Kennedy <steve @ gbnet . org>
Indexed By Thread	Previous:	FireWall-1 from Sun version 1.2.1 From: Shane Kinsch <shane . kinsch @ wichita . brite . com>
Indexed By Thread	Next:	Re: Various FTPs From: Scott Barman <scott @ Disclosure . COM>