Bugtraq mailing list archives
Re: ftpd: the advisory version
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Sat, 8 Jul 2000 01:12:53 +0200
"D. J. Bernstein" wrote:
[snip] Internet Explorer uses PASV. What makes you think that requiring PASV will noticeably increase the level of user annoyance at your firewall?
Because Internet Explorer 5 does NOT use PASV by default any more; it defaults to PORT. That is: * If you set IE5 to display FTP as a "file explorer", it uses PORT. This is the default mode. * If you set IE5 to "display FTP as a web page", is uses PASV. Probably some geek coder thought "ah you can be active with file explorer so we'll use active mode, while web pages are pretty passive things, so we'll use passive mode". Duh. -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05 Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50 WWW: http://www.enternet.se/ E-mail: mikael.olsson () enternet se
Current thread:
- Re: ftpd: the advisory version Valdis Kletnieks (Jun 30)
- Re: ftpd: the advisory version Tom Perrine (Jul 02)
- Conclusion to recent working WuFTPD Exploits Eric Hines (Jul 05)
- <Possible follow-ups>
- Re: ftpd: the advisory version Carson Gaspar (Jun 30)
- Re: ftpd: the advisory version Mike Gleason (Jul 02)
- [RHSA-2000:016-03] Multiple local imwheel vulnerabilities bugzilla () REDHAT COM (Jul 03)
- Re: ftpd: the advisory version monti (Jul 05)
- Re: ftpd: the advisory version D. J. Bernstein (Jul 06)
- Re: ftpd: the advisory version monti (Jul 07)
- Re: ftpd: the advisory version Mikael Olsson (Jul 07)
- Re: ftpd: the advisory version David Maxwell (Jul 07)
- Re: ftpd: the advisory version D. J. Bernstein (Jul 10)
- Re: ftpd: the advisory version Richard Rager (Jul 11)
- Infosec.20000712.worldclient.2.1 Rikard Carlsson (Jul 12)
- ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed J C (Jul 10)
- Novell Border Manger - Anyone can pose as an authenticated user Coward, Anonymous (Jul 07)