Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: ftpd: the advisory version

Re: ftpd: the advisory version

From: Mikael Olsson <mikael.olsson_at_ENTERNET.SE>
Date: Sat, 8 Jul 2000 01:12:53 +0200

"D. J. Bernstein" wrote:
>
> [snip]
> Internet Explorer uses PASV. What makes you think that requiring PASV
> will noticeably increase
> the level of user annoyance at your firewall?

Because Internet Explorer 5 does NOT use PASV by default any more;
it defaults to PORT.
That is:
* If you set IE5 to display FTP as a "file explorer", it uses PORT.
  This is the default mode.
* If you set IE5 to "display FTP as a web page", is uses PASV.

Probably some geek coder thought "ah you can be active with file
explorer so we'll use active mode, while web pages are pretty passive
things, so we'll use passive mode".

Duh. 

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00         Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636        Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/       E-mail: mikael.olsson@enternet.se
Received on Jul 10 2000
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos