[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] FTP transfer issues - base.def
Having FTP issues with NG FP3, HF2, HFA_308 The two issues show up in the log as: port command ended without newline ...tried to open a known service port Because of this, many of our file transfers are failing. I have found the solution. It involves changing the base.def. The first error is a simple fix, I just need to change the line that looks for a new line in the same packet as the port command. The second is also a simple fix but it involves some risk. I will have to make the firewall accept ftp file transfers on ports that I have already assigned. At the top of the base.def, I will add #define NO_SERVER_PORT_CHECK The risk is that a hacker can now request a pre-defined port and get though to other stuff in our network. Here's my question to you: What do you think the likelihood of someone exploiting this risk is? If the risk is unacceptable, is there another solution? Daniel Samaan Technical Security Consultant CCSP, CCSE, CCNA, CCA, MCSE+I Cell:[email protected] --------------------------------------------------------------------- Forsythe Solutions 5440 W. Fargo Avenue Skokie, IL 60077 www.forsythe.com Delivering the Business Value of IT ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|