Bill Stout was interested in compiling a list of allowed commands in
specific proxies....I think this is a great idea!
-- Bill-- Here's some info for your list about Secure Computing Corp's
SideWinder Firewall and allowed FTP proxy commands.
Will try to also compile a list of which proxies are 'generic'
proxies, and what controls the specific proxies place on sessions
[time permitting of course]. Offhand, the POP3, WHOIS, AOL, gopher,
SSL, and NNTP proxies seem to be 'generic'. [--Secure Computing--feel
free to contribute anything that will help the rest of us understand
your product better!]
I think these are the commands that SCC's SideWinder 3.0.1 will allow
thru a transparent FTP proxy. [tested and snarfed from SideWinder
V3.0.1 patchlevel 1 FTP proxy]
XRMD, XPWD, XMKD, XCWD, XCUP, USER, TYPE, SYST, STRU, STOU, STOR,
STAT, SMNT, SIZE, SITE, RNTO, RNFR, RMD, RETR, REST, REIN, QUIT ,PWD,
PORT, PASV, PASS, NOOP, NLST, MODE, MKD, MDTM, MACB, LIST, HELP, DELE,
CWD, CDUP, APPE, ALLO, ACCT, ABOR
I am unsure what type of controls the proxy has on data passed along
with each of the commands...I don't think that it checks anything
other than a match of the FTP command [5char max?]....except with the
'user' command..'user' must also have a username parm before passing
off to FTP host.
SCC would not reveal this info to me, so a quick 'more' of the proxy
shows the above commands. All seem to be understood by the proxy
[even if unsupported at the dest. server]
It responds with things like:
'500 'nocmd': command not understood by Sidewinder proxy.'
for unknown commands.
Hope the info helps.
Anton Rager
Standard & Poor's Compustat
arager @
McGraw-Hill .
com
|
|
