Thanks for that Benjamin... That was a good explanation, I now fully understand.
Robert Rutherford
MIS Department - DEK International GmbH
+44 (0)1305 208232
+44 (0)7970 122362
From: Benjamin Scott <[EMAIL PROTECTED]>
Sent by: bounce-nt2000-235971@ls.swynk.com
Date: 06/04/2002 19:32
To: "NT 2000 Discussions" <[EMAIL PROTECTED]>
cc:
Subject: RE: FTP problem
Please respond to "NT 2000 Discussions"
On Fri, 5 Apr 2002, at 12:31pm, Morgan, Joshua wrote:
> Some clients expect the server to set the return port number, while
> others expect a return over a consistent port.
Your explanation is incorrect.
Under "normal" operation, the server listens on well-known TCP port 21
(ftp) for new connections. Clients initiate connections to that port, and
use that connection as the "control channel". When a data transfer (PUT,
GET, LIST, etc.) is performed, the client sends a PORT command. The PORT
command specifies an ephemeral TCP port the *client* will listen on. The
server initiates a connection to that port, with a well-known *source* port
of 20 (ftp-data). This is the "data channel".
    Client                            Server
      *| ----- control-channel ----> |21
       |                             |        * = ephemeral port
      *| <---- data-channel -------- |20
This was considered "secure" when FTP was designed, back in the good old
days. Back then, everyone administering a system on the Internet knew each
other. Since all those systems only allowed "trusted" programs to initiate
connections from ports less than 1024, anything coming from a source port
less than 1024 was considered "trusted".
Today, of course, that is not true. Even worse, since the design requires
arbitrary connections from *outside* your network be allowed *in*, it is
impossible to implement on a stateless firewall, and even with a stateful
firewall, many people consider it unacceptable, for a variety of reasons.
So they invented passive mode. The term "passive" applies to the server.
The client sends a PASV command, and the server responds with an ephemeral
port on the server. The client then initiates a connection to that port to
create the data channel.
    Client                            Server
      *| ----- control-channel ----> |21
       |                             |        * = ephemeral port
      *| ----- data-channel -------> |*
Hope this helps!
--
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not
| necessarily represent the views or policy of any other person, entity or
| organization. All information is provided without warranty of any kind.
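The two exchanges Ben describes, played out end to end as an added example (this is not code from the original post or from any FTP implementation): a toy client and a toy server on the loopback address, in Python, that negotiate the data channel first with PORT (server dials the client) and then with PASV (client dials the server), and then run LIST over it. Assumptions: the server listens on an ephemeral loopback port instead of 21, it does not bind its data socket to source port 20 (that needs privileges, and that privileged source port was exactly the old "trust" signal), the directory listing it returns is a constructed sample, and only the handful of commands the exchange needs are implemented.

```python
import re
import socket
import threading

LISTING = b"-rw-r--r-- 1 user group 0 Apr 05 2002 example.txt\r\n"  # constructed sample

def listen_ephemeral():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))  # port 0: let the kernel pick an ephemeral port
    s.listen(1)
    return s

def format_port_arg(ip, port):
    """PORT/227 argument per RFC 959: h1,h2,h3,h4,p1,p2 with port = p1*256+p2."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])

def parse_port_arg(arg):
    """Inverse of format_port_arg; every field must fit in one byte."""
    p = [int(x) for x in arg.split(",")]
    if len(p) != 6 or any(not 0 <= v <= 255 for v in p):
        raise ValueError("malformed h1,h2,h3,h4,p1,p2 argument: %r" % arg)
    return ".".join(map(str, p[:4])), (p[4] << 8) | p[5]

def parse_pasv_reply(line):
    """Extract (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = re.search(r"\((\d+,\d+,\d+,\d+,\d+,\d+)\)", line)
    if not line.startswith("227") or m is None:
        raise ValueError("not a usable 227 reply: %r" % line)
    return parse_port_arg(m.group(1))

def toy_server(ctrl):
    # Serves one client. Source port 20 is deliberately not bound (see lead-in).
    conn, _ = ctrl.accept()
    rf = conn.makefile("rb")
    conn.sendall(b"220 toy ftp ready\r\n")
    data = None  # ("active", (ip, port)) or ("passive", listening_socket)
    while True:
        line = rf.readline()
        if not line:
            break
        cmd, _, arg = line.decode().rstrip("\r\n").partition(" ")
        if cmd == "PORT":
            data = ("active", parse_port_arg(arg))
            conn.sendall(b"200 PORT command successful\r\n")
        elif cmd == "PASV":
            data = ("passive", listen_ephemeral())  # ephemeral port on the server
            arg = format_port_arg(*data[1].getsockname())
            conn.sendall(("227 Entering Passive Mode (%s)\r\n" % arg).encode())
        elif cmd == "LIST" and data is not None:
            conn.sendall(b"150 Opening data connection\r\n")
            if data[0] == "active":
                d = socket.create_connection(data[1])  # server dials the client
            else:
                d, _ = data[1].accept()  # the client dialed the server's port
                data[1].close()
            d.sendall(LISTING)
            d.close()
            conn.sendall(b"226 Transfer complete\r\n")
        elif cmd == "QUIT":
            conn.sendall(b"221 Goodbye\r\n")
            break
        else:
            conn.sendall(b"503 Bad sequence of commands\r\n")
    conn.close()

def fetch_listing(server_addr, passive):
    # Client side: control channel first, then the data channel in either mode.
    ctrl = socket.create_connection(server_addr)
    rf = ctrl.makefile("rb")
    rf.readline()  # 220 banner
    if passive:
        ctrl.sendall(b"PASV\r\n")
        ip, port = parse_pasv_reply(rf.readline().decode())
        ctrl.sendall(b"LIST\r\n")
        rf.readline()  # 150
        d = socket.create_connection((ip, port))  # outbound from the client
    else:
        ls = listen_ephemeral()  # ephemeral port on the client
        ctrl.sendall(("PORT %s\r\n" % format_port_arg(*ls.getsockname())).encode())
        rf.readline()  # 200
        ctrl.sendall(b"LIST\r\n")
        rf.readline()  # 150
        d, _ = ls.accept()  # inbound: the server connects *to* the client
        ls.close()
    listing = d.makefile("rb").read()  # read until the server closes the data channel
    d.close()
    rf.readline()  # 226
    ctrl.sendall(b"QUIT\r\n")
    ctrl.close()
    return listing

def run_demo():
    results = {}
    for mode, passive in (("active", False), ("passive", True)):
        ctrl = listen_ephemeral()  # stands in for well-known port 21
        t = threading.Thread(target=toy_server, args=(ctrl,), daemon=True)
        t.start()
        results[mode] = fetch_listing(ctrl.getsockname(), passive)
        t.join(5)
        ctrl.close()
    return results
```

Calling `run_demo()` returns the listing fetched in both modes; the only thing that differs between them is which side calls `accept()` and which side calls `connect()` for the data channel, which is exactly the firewall question in the post: in active mode the client-side firewall has to admit an inbound connection to a port it learns only from the PORT command on the control channel.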
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to %%email.unsub%%
********************************************************************************************
This E-mail and any files transmitted with it are in commercial
confidence and intended solely for the use of the individual or entity
to whom they are addressed. If you have received this E-mail in error
please notify the Administrator by E-mail ([EMAIL PROTECTED]).
Any views or opinions expressed are solely those of the author and do
not necessarily represent those of DEK Printing Machines Ltd., or its affiliates.
********************************************************************************************