Re: [FW-1] FTP transfer issues - base.def
Port command ended without newline. I believe RFC calls for this, which is why it's enforced. Tell the company to fix their FTP program.

Tried to open a known service port. RFC requires FTP to request ports above 1024 for transfers. I have seen this problem with ARIEL doing this, but it runs on ports 422/419 which are nonstandard as is. I had to create two rules, two inbound with specific ports, and an outbound with specific ports. This got around the FTP inspect code and still allowed me to control what it was doing.

Here are my rules to handle ARIEL.

Inbound Rule
Any - ArielServers - 419 (proto type none)
Any - ArielServers - 422 (proto type none)

Outbound Rule
ArielServers - Any - 419 (proto type FTP)

If this is occurring on port 21/20 I would ask them to verify their FTP program, because it should work without any problems.

Derek

-----Original Message-----
From: Daniel Samaan [mailto:[email protected]]
Sent: Wednesday, October 29, 2003 8:43 AM
To: [email protected]
Subject: [FW-1] FTP transfer issues - base.def

Having FTP issues with NG FP3, HF2, HFA_308

The two issues show up in the log as:
port command ended without newline
...tried to open a known service port

Because of this, many of our file transfers are failing. I have found the solution. It involves changing the base.def. The first error is a simple fix, I just need to change the line that looks for a new line in the same packet as the port command. The second is also a simple fix but it involves some risk. I will have to make the firewall accept ftp file transfers on ports that I have already assigned. At the top of the base.def, I will add

#define NO_SERVER_PORT_CHECK

The risk is that a hacker can now request a pre-defined port and get through to other stuff in our network.

Here's my question to you: What do you think the likelihood of someone exploiting this risk is? If the risk is unacceptable, is there another solution?
Daniel Samaan
Technical Security Consultant
CCSP, CCSE, CCNA, CCA, MCSE+I
Cell: [email protected]
---------------------------------------------------------------------
Forsythe Solutions
5440 W. Fargo Avenue
Skokie, IL 60077
www.forsythe.com
Delivering the Business Value of IT

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================
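The two log messages discussed in this thread correspond to two checks the firewall applies to the FTP PORT command: the command must be terminated by a newline in the same packet, and the requested data port must be above 1024. The following Python is an added example, not FireWall-1's base.def code: it emulates those two checks on constructed packets so the effect of disabling the server-port check (what #define NO_SERVER_PORT_CHECK does) can be seen directly. The function name and the sample packets are this example's own.

```python
import re

# PORT h1,h2,h3,h4,p1,p2 terminated by CRLF (RFC 959 command terminator).
# Constructed for this example; not the firewall's own parser.
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$",
    re.IGNORECASE,
)

def inspect_port_command(payload: bytes, server_port_check: bool = True):
    """Inspect one FTP control-channel packet carrying a PORT command.

    Returns (accepted, reason, (host, port)); reason mirrors the log text
    from the thread. server_port_check=False emulates NO_SERVER_PORT_CHECK:
    data ports at or below 1024 are no longer refused.
    """
    if payload.upper().startswith(b"PORT ") and not payload.endswith(b"\r\n"):
        # Check 1: the terminator must arrive in the same packet as the command.
        return False, "port command ended without newline", None
    m = PORT_RE.match(payload)
    if not m:
        return False, "malformed PORT command", None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        return False, "malformed PORT command", None
    host = f"{h1}.{h2}.{h3}.{h4}"
    port = p1 * 256 + p2
    if server_port_check and port <= 1024:
        # Check 2: a data connection to a well-known service port is refused,
        # which is what keeps a PORT command from steering traffic at other
        # services behind the firewall.
        return False, "tried to open a known service port", (host, port)
    return True, "ok", (host, port)

if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    samples = [
        b"PORT 10,1,2,3,4,210\r\n",   # port 1234: accepted
        b"PORT 10,1,2,3,4,210",       # no CRLF in the packet
        b"PORT 10,1,2,3,0,80\r\n",    # port 80: known service port
    ]
    for pkt in samples:
        print(pkt, "->", inspect_port_command(pkt))
    print("with NO_SERVER_PORT_CHECK:",
          inspect_port_command(samples[2], server_port_check=False))
```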