> I never agreed with it, but one of their reasons to open this was
> passive FTP. Their reason was a lot of the sites that were visited
> used Passive FTP, that randomly uses any port above port 1024.

Why not just restrict the IP ranges to a few hundred (thousand) ports? This is explained in the active vs passive FTP site, http://slacksite.com/other/ftp.html under the topic FTP appendix.

Gregory Class Univ. of Washington
