Home page logo

basics logo Security Basics mailing list archives

RE: Passive FTP
From: <Tim.BUTTON () Dest gov au>
Date: Wed, 1 Jun 2005 08:23:43 +1000 (EST)

It will depend on if your firewall does stateful inspection or not and
how it handles FTP in general.  FW1, Gauntlet, Sidewinder and Cyberguard
all inspect the FTP traffic and are able to recognise the outgoing data
connection from the client to the server - therefore, the only rule you
need to add is the one to allow the client to go outbound to the server
on 21. I'm unsure about devices such as Pix.

FWIW, I've found most devices actually handle passive better than they
do active....


-----Original Message-----
From: Roberto Alcantara [mailto:roberto () fortalnet com br] 
Sent: Tuesday, 31 May 2005 23:09
To: security-basics () securityfocus com
Subject: Passive FTP

Guys, to able my FTP users in passive mode need I realy accept in my 
firewall connections from 1024-65535 ports ?

Best regards,

The information contained in this e-mail message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege.  If you are not the intended recipient any use,
disclosure or copying of this e-mail is unauthorised.  If you have received
this e-mail in error, please notify the sender immediately by reply e-mail
and delete all copies of this transmission together with any attachments.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]