Re: ftp passive mode

From: Barry Margolin (barmar_at_alum.mit.edu)
Date: 03/25/05


Date: Thu, 24 Mar 2005 22:14:06 -0500

In article <20050324210950.35e373c4.kevin@hotmail.com>,
 Kevin <kevin@hotmail.com> wrote:

> I'm not sure that passive mode really changes the behaviour of
> an ftp client. I see that I connect using passive mode and I can
> login etc.
>
> However, commands such as ls and get don't work. I see my client
> sending packets to the server on high ports and they are getting
> dropped by the firewall.

Your firewall needs to allow high ports out. Or it must monitor the FTP
control connection and recognize the response to the PASV command, and
open the port that the server tells you to connect on.

>
> 66.242.33.151.21 > 64.109.151.192.4541: P 78:97(19) ack 37 win
> 1448 <nop,nop,timestamp 298195787 48978255>(DF)
>
> 64.109.151.192.4541 > 66.242.33.151.21: . ack 97 win 57456
> <nop,nop,timestamp 48978267 298195787> (DF) [tos 0x10]
>
> Until I log in, the communication is fine, with samples of tcpdump
> above. When I issue an ``ls'', this happens:
>
> 64.109.151.192.4541 > 66.242.33.151.21: P 37:43(6) ack 97 win
> 57456 <nop,nop,timestamp 48984892 298195787> (DF) [tos 0x10]
>
> 66.242.33.151.21 > 64.109.151.192.4541: P 97:145(48) ack 43 win
> 1448 <nop,nop,timestamp 298262183 48984892>(DF)
>
> This is probably one of the packets telling which command is
> being issued (I guess, I don't know).
>
> 64.109.151.192.4542 > 66.242.33.151.16859: S
> 2977579832:2977579832(0) win 57344 <mss 1460,nop,wscale
> 0,nop,nop,timestamp 48984896 0> (DF)
>
> Now my client is trying port 16859 which is probably getting
> dropped by the firewall. The next packets are all similar to this
> one... trying to get the other end to answer, until it times out.

That's how passive mode works. In active mode, the server would try to
connect to the client on a high port; in passive mode the client
connects to the server on a high port.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
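The step Barry describes, a firewall (or client) reading the server's reply to PASV and learning which high port to open, comes down to parsing the 227 reply. The following is an added example, not code from the thread; the function names, the constructed reply string and the control-peer check (the advertised address must equal the server the control connection already talks to) are assumptions of this example. The port 16859 from the tcpdump lines is encoded as 65*256 + 219.

```python
import re

# 227 reply format from RFC 959: "227 ... (h1,h2,h3,h4,p1,p2)"
_PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv_reply(line, control_peer):
    """Return (host, port) of the data channel advertised in a 227 reply.

    control_peer is the server IP of the FTP control connection.  The
    advertised host must equal it; a stateful firewall's FTP helper makes
    the same comparison before opening the data port, so that a reply
    cannot make it open a hole towards some unrelated host.
    """
    m = _PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % line)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in PASV reply: %r" % line)
    h1, h2, h3, h4, p1, p2 = fields
    host = "%d.%d.%d.%d" % (h1, h2, h3, h4)
    port = p1 * 256 + p2          # high byte, then low byte
    if host != control_peer:
        raise ValueError("PASV host %s differs from control peer %s"
                         % (host, control_peer))
    if port < 1024:
        raise ValueError("PASV port %d is a privileged port" % port)
    return host, port


def data_channel_rule(client_ip, control_peer, reply):
    """Describe the outbound flow the client-side firewall must permit for
    the data transfer that follows the reply: (src, dst, dst_port)."""
    host, port = parse_pasv_reply(reply, control_peer)
    return (client_ip, host, port)


if __name__ == "__main__":
    # Constructed sample reply (assumption); the address and port 16859
    # match the tcpdump lines in the thread: 65*256 + 219 = 16859.
    reply = "227 Entering Passive Mode (66,242,33,151,65,219)"
    print(data_channel_rule("64.109.151.192", "66.242.33.151", reply))
    # -> ('64.109.151.192', '66.242.33.151', 16859)
```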

