Network Security: Detailed info on Re: Passive sftp?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Secure-Shell

[Top] [All Lists]

Re: Passive sftp?

from [Greg Wooledge] Network Security

[Permanent Link]

Subject:	Re: Passive sftp?
Date:	Wed, 5 Mar 2008 13:44:40 -0500

On Wed, Mar 05, 2008 at 09:03:07AM -0800, Bob Rasmussen wrote:

In the FTP protocol, "passive" means that only one connection is 
established, originating in the client. All trafic goes over this 
connection. (In non-passive FTP, the server opens a second channel back to 
the client.)


Actually, passive mode FTP does use a second channel for data transfers,
but it's opened in the opposite direction from the channel used in active
mode.  That is, the FTP server selects a "random" TCP port number, tells
it to the client, and then the client initiates the connection to that port.

Active mode works as you said: the client picks a "random" TCP port number,
listens on it, and tells the FTP server to connect to it.  This breaks
rather spectacularly when the client is firewalled preventing incoming
connections, or behind a NAT, etc.

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Passive sftp?, Leroy Tennison Re: Passive sftp?, Bob Rasmussen Re: Passive sftp?, Greg Wooledge <= Re: Passive sftp?, Tom Lobato Re: Passive sftp?, Charles Ritter Re: Passive sftp?, Security Focus

Previous by Date:	Re: Passive sftp?, Security Focus
Next by Date:	Re: Requiring multiple authentication, Lars
Previous by Thread:	Re: Passive sftp?, Bob Rasmussen
Next by Thread:	Re: Passive sftp?, Tom Lobato
Indexes:	[Date] [Thread] [Top] [All Lists]