Is it FZ, my FTP Server, or my Firewall?!?
Posted: 2004-04-07 02:21
-----BEGIN SOMEWHAT RELATED QUESTION-----
I've recently moved from Cable to DSL. My old Cable ISP blocked all incoming well-known ports as a "security feature", however my current DSL connection does not. When using the Cable ISP, I configured my firewall to forward port 2121/tcp to port 21/tcp of the FTP Server on my internal network. All was well with anyone who was permitted to connect.
Now that I am on DSL, it seems that some people, especially those who use Linksys routers, cannot get a directory listing from my FTP server, although they can successfully connect. I have no problems from my connection @work (non-Linksys) whatsoever. So, I edited the port forwarding rule from 2121/tcp to 21/tcp and all is well for clients behind Linksys routers. Is this an issue specific to Linksys, my DSL connection, or something else? It doesn't make much sense to me.
-----END SOMEWHAT RELATED QUESTION-----
When a FZ client connects to my FTP server running on port 21, Snort logs the following IDS events:
Date: 04/06 13:01:13 Name: FTP command overflow attempt
Priority: 3 Type: Generic Protocol Command Decode
IP info: <ftp.client>:18892 -> <ftp.server>:21
References: 1

Date: 04/06 13:01:24 Name: FTP wu-ftp bad file completion attempt [
Priority: 2 Type: Misc Attack
IP info: <ftp.client>:18892 -> <ftp.server>:21
References: 1 2 3

Date: 04/06 13:01:32 Name: FTP wu-ftp bad file completion attempt {
Priority: 2 Type: Misc Attack
IP info: <ftp.client>:18892 -> <ftp.server>:21
References: 1 2 3

Is this an undesired effect of using the Keep Alive system, or possibly from configuring FZ to use multiple connections?
-TheAngryPenguin
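For triaging alert summaries in the format quoted in the post, the following added example (not part of the original post and not Snort's or FileZilla's own code) parses the events and groups them by TCP flow, so it is easy to see whether a burst of alerts comes from a single FTP control connection. The sample addresses are constructed documentation addresses standing in for the post's `<ftp.client>` and `<ftp.server>` placeholders, and the year is assumed from the post date.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the three events from the post, with the placeholders
# replaced by documentation addresses (198.51.100.7 client, 192.0.2.10 server).
SAMPLE = """\
Date: 04/06 13:01:13 Name: FTP command overflow attempt
Priority: 3 Type: Generic Protocol Command Decode
IP info: 198.51.100.7:18892 -> 192.0.2.10:21
References: 1
Date: 04/06 13:01:24 Name: FTP wu-ftp bad file completion attempt [
Priority: 2 Type: Misc Attack
IP info: 198.51.100.7:18892 -> 192.0.2.10:21
References: 1 2 3
Date: 04/06 13:01:32 Name: FTP wu-ftp bad file completion attempt {
Priority: 2 Type: Misc Attack
IP info: 198.51.100.7:18892 -> 192.0.2.10:21
References: 1 2 3
"""
YEAR = 2004  # assumption: the summary omits the year; taken from the post date

EVENT_RE = re.compile(
    r"Date: (?P<date>\d\d/\d\d \d\d:\d\d:\d\d) Name: (?P<name>.+?)\s*\n"
    r"Priority: (?P<prio>\d+) Type: (?P<type>.+?)\s*\n"
    r"IP info: (?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+)"
)

def parse_events(text):
    """Return one dict per alert found in the summary text."""
    events = []
    for m in EVENT_RE.finditer(text):
        e = m.groupdict()
        e["time"] = datetime.strptime(f"{YEAR}/{e['date']}", "%Y/%m/%d %H:%M:%S")
        e["prio"] = int(e["prio"])
        events.append(e)
    return events

def group_by_flow(events):
    """Summarise alerts per (src, sport, dst, dport) flow."""
    flows = defaultdict(list)
    for e in events:
        flows[(e["src"], e["sport"], e["dst"], e["dport"])].append(e)
    summary = {}
    for flow, evs in flows.items():
        times = [e["time"] for e in evs]
        summary[flow] = {"alerts": len(evs), "rules": sorted({e["name"] for e in evs}),
                         "span_seconds": int((max(times) - min(times)).total_seconds()),
                         "top_priority": min(e["prio"] for e in evs)}  # 1 is most severe
    return summary
```

On the sample, all three alerts fall on one flow to port 21 within 19 seconds.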