Home page logo
/

basics logo Security Basics mailing list archives

Re: Windows XP and FTP
From: "Hamish Stanaway" <koremeltdown () hotmail com>
Date: Mon, 16 Jan 2006 08:36:56 +0000

Thanks so much Nick,

This is too what I thought - however I was hoping for a work around, or patch to fix this issue - it is going to be hard to explain to every client I have using XP that they will have to disable their firewalls - hopefully someone can shed some light on this issue for both of us.



Kindest of regards,

Hamish Stanaway, CEO

Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
Auckland, New Zealand

http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com





From: nick <nick () mobilia it>
To: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
CC: security-basics () securityfocus com
Subject: Re: Windows XP and FTP
Date: Fri, 13 Jan 2006 09:58:26 +0100
MIME-Version: 1.0
Received: from outgoing.securityfocus.com ([205.206.231.27]) by bay0-mc2-f4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sun, 15 Jan 2006 10:12:39 -0800 Received: from outgoing.securityfocus.com by outgoing.securityfocus.com via smtpd (for mail.hotmail.com [65.54.244.40]) with ESMTP; Sun, 15 Jan 2006 09:49:36 -0800 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid C9D8023D7FD; Fri, 13 Jan 2006 11:04:54 -0700 (MST)
Received: (qmail 1928 invoked from network); 13 Jan 2006 08:37:39 -0000
X-Message-Info: JGTYoYF78jGdnwFcx9O+QyGqy8tZRvhafgQ3ZaoooPs=
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
References: <20060110011058.12554.qmail () securityfocus com> <20060111144644.A8561 () planetcobalt net>
X-Virus-Scanned: amavisd-new at mobilia.it
Return-Path: security-basics-return-37743-koremeltdown=hotmail.com () securityfocus com X-OriginalArrivalTime: 15 Jan 2006 18:12:39.0317 (UTC) FILETIME=[4517A450:01C619FF]

Ansgar -59cobalt- Wiechers wrote:
On 2006-01-10 koremeltdown () hotmail com wrote:

I have Windows XP (as do many of my clients) and have noticed
something strange. When trying to access my server(s) via FTP, when
Windows (XP Pro) Firewall is turned on, you cannot perform this task.
Sometimes it has problems resolving the hostname, sometimes it just
doesn't connect at all. When disabling Windows Firewall FTP works
fine, however when just enabling FTP Access via the firewall
configuration it doesn't seem to want to work. My XP using clients
seem to be having the same problem.


Looks like you (and your clients) are using FTP in active mode. In that
case the FTP server tries to establish the data connection to the client
which is then intercepted by the Windows Firewall. Try using passive
mode.

If you use the commandline FTP client: ftp.exe from Windows does only
support active mode IIRC, so use something like ncftp [1] instead.

[1] http://www.ncftp.com/

Regards
Ansgar Wiechers
I just dealt with a user who was unable to connect with XP and FTPX, but if they used the command line, it worked just fine. PASV mode didn't seem to make any difference. It's almost like the XP firewall doesn't keep ftp states. I use an iptables firewall to connect to the server (proftpd) and have 0 problems. When I had the user disable the windows firewall, it connected immediately. It's a recent problem, I have a feeling that MS changed the behaviour of the firewall recently, perhaps inadvertantly?

I recommended that the user try another firewall, but this seems like an MS problem...



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------




---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]