Network Security Secure-Shell

Re: SFTP

Subject: Re: SFTP
Date: Fri, 4 Nov 2005 03:54:34 -0500
Your IDP/IPS could drop it depending on its policy. You would have to
see what signatures are set to drop/reject and what are set to log
only. Some proxy based or firewalls that do application level scanning
would also drop the connection if they were expecting FTP instead of
tcp/21 (and tcp/22).
-Paul

On 11/2/05, drobinson <drobinson@netfabric.net> wrote:
Thanks guys - got the picture now. Will IDP/IDS drop that traffic if it's 
under port 21? If my assumptions are correct... IDS will flag it, IDP will 
drop it and see it as an anomaly if it isn't profiled.

-Dave

On 01/Nov/2005 13:59:13, Robert Hajime Lanning wrote:

You can move your SSH service to port 21, but this means that all
clients will need to specify to connect to port 21.  Port 21 is allocated
for FTP, not SSH.  Clients would have to "sftp -p 21 ...", instead of just
"sftp ...".


-Does SFTP encrypt payload?

Yes


-Does it use UDP/TCP?

TCP only


-Can you fully utilize a given bandwidth (i.e. 512kbit circuit) with one
session?

Yes, with the constraint that the endpoints need enough power to handle
the encryption overhead.  There are scaling issues for very high bandwidth
(upwards of DS3).  This deals with blocking issues within the SSH tunnel
and TCP window issues.

SFTP is not FTP.  It is a File Transfer Protocol, not THE File Transfer
Protocol.  It works by connecting to the SSH server.  Then once connected
and authenticated, it requests a new channel with the SFTP service.
Everything is tunneled across a single SSH connection.  (A single TCP
connection.)

So, SFTP runs on top of SSH.

The SFTP client mimics the look and feel of the standard FTP client
for ease of use.

Do not get it mixed up with FTPS.  FTPS is the legacy FTP with TLS
(Transport Layer Security) thrown in.  FTPS uses two TCP connections.
(Command and data)  FTPS cannot go through a state based firewall.  State
based firewalls look into the command connection to find the negotiation
for the data connection.  When it sees this, it can precreate a state for
the data connection to pass.  But, with FTPS this negotiation is encrypted,
so the firewall fails to allow the data connection.

--
And, did Guloka think the Ulus were too ugly to save?
                                         -Centauri
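Robert's point about state-based firewalls and FTPS can be shown with a small parser. This is an added example, not code from anyone in the thread: it mimics the inspection an FTP-aware stateful firewall performs on the control channel, pulling the data-connection endpoint out of PORT commands and 227/229 passive replies, and shows that the same dialogue carried inside TLS records (FTPS) yields nothing, so no state is pre-created for the data connection. The control-channel bytes and addresses are constructed samples.

```python
import re

# RFC 959 active-mode command from the client: "PORT h1,h2,h3,h4,p1,p2"
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
# RFC 959 passive reply from the server: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(rb"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# RFC 2428 extended passive reply from the server: "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(rb"^229 [^(]*\(\|\|\|(\d+)\|\)")


def data_endpoint(line, server_ip):
    """Return the (ip, port) a data connection will use, as advertised on one
    control-channel line, or None if the line carries no such negotiation."""
    m = PORT_RE.search(line) or PASV_RE.search(line)
    if m:
        h = [int(x) for x in m.groups()]
        return ".".join(map(str, h[:4])), h[4] * 256 + h[5]
    m = EPSV_RE.search(line)
    if m:
        return server_ip, int(m.group(1))
    return None


def firewall_pinholes(control_stream, server_ip):
    """Mimic what an FTP-aware stateful firewall does: read the control
    channel line by line and collect the data-channel endpoints it would
    pre-create state for.  Encrypted (FTPS) bytes never match, so nothing
    is opened and the data connection is blocked."""
    holes = []
    for line in control_stream.split(b"\r\n"):
        ep = data_endpoint(line, server_ip)
        if ep is not None:
            holes.append(ep)
    return holes


# Constructed cleartext FTP control channel (client and server lines interleaved).
CLEAR_FTP = (b"230 Login successful.\r\n"
             b"PORT 192,0,2,20,4,210\r\n"
             b"200 PORT command successful.\r\n"
             b"227 Entering Passive Mode (192,0,2,10,195,80).\r\n"
             b"150 Opening BINARY mode data connection.\r\n")

# Constructed stand-in for the same dialogue over FTPS: after AUTH TLS the
# firewall only sees TLS application-data records, i.e. ciphertext.
FTPS_OPAQUE = b"\x17\x03\x03\x00\x2a" + bytes(range(42))

if __name__ == "__main__":
    print(firewall_pinholes(CLEAR_FTP, "192.0.2.10"))    # [('192.0.2.20', 1234), ('192.0.2.10', 50000)]
    print(firewall_pinholes(FTPS_OPAQUE, "192.0.2.10"))  # []
```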
