Firewall Wizards mailing list archives
Re: Our friend FTP, again
From: ark () eltex ru
Date: Thu, 15 Apr 1999 12:52:17 +0400
nuqneH,

"Marcus J. Ranum" <mjr () nfr net> said :

> Is there any way of seeing the following happen?
> 1) enhanced servers and clients that multiplex [...]
> 2) a cryptographic cookie value passed [...]
> 3) have a passive mode connection always [...]
>
> How about the following:
> 1) Deprecate FTP as an Internet protocol; declare it obsolete.

I think we can not. It is too widespread. Too many legacy applications.

> 2) Use HTTP for all file downloads

HTTP is no good. A new control connection for every file you download is an authentication nightmare. HTTP lacks a reliable OTP implementation, on both client and server sides. HTTP causes problems when uploading files.

> 3a) Use ssh for all file transfers and build in an anonymous "put" capability in the copy utility

I definitely like the idea but..

> -or-
> 3b) Use some kind of upload capability built into browsers and server POST methods. This one scares me because web servers are as insecure/messy as FTP but at least the protocol isn't as ugly. By a narrow margin.

It isn't "as ugly", it is just a different kind of ugliness..

> There's all kinds of things that can be done to improve FTP but the single best would be to shoot it and shovel dirt over it. :(

Maybe.. I don't think it is SO bad ;) The problem mentioned in the original message does not seem to be too dangerous ;) (just checked ftp-gw source to see if it really does compare client IP addresses for data and control connections ;)

P.S. there are other protocols that behave in an ftp'ish way, say, CVS and CVSup (if I remember details correctly), BSD r* commands too..

P.P.S. and there are much uglier thingies like H.323 or just brain-dead like ICQ..

CU in Hell
/Arkan#iD
Do i believe in Bible? Hell, man, i've seen one!
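The check mentioned in the message above, comparing the client IP address used for the data connection with the one on the control connection, written out as an added example. It is not ftp-gw's code and not part of the original post; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress


def parse_port_arg(arg):
    """Parse an FTP PORT argument (RFC 959 form: h1,h2,h3,h4,p1,p2)."""
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    nums = [int(p) for p in parts]          # int() raises ValueError on junk
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("PORT field out of range 0-255")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def check_port_command(control_peer, arg):
    """Active mode: the address named in PORT must be the host that
    opened the control connection. Returns (allowed, reason)."""
    try:
        host, _port = parse_port_arg(arg)
    except ValueError as exc:
        return False, "malformed PORT: %s" % exc
    if host != ipaddress.IPv4Address(control_peer):
        return False, "PORT address %s is not control peer %s" % (host, control_peer)
    return True, "ok"


def check_data_peer(control_peer, data_peer):
    """Passive mode: the host that connects to the advertised data port
    must be the same host that holds the control connection."""
    return ipaddress.ip_address(control_peer) == ipaddress.ip_address(data_peer)


if __name__ == "__main__":
    # Constructed sample sessions: (control peer, PORT argument).
    samples = [
        ("192.0.2.10", "192,0,2,10,19,137"),   # same host, port 5001
        ("192.0.2.10", "198,51,100,7,0,25"),   # names a third host
        ("192.0.2.10", "192,0,2,10,19"),       # truncated argument
    ]
    for peer, arg in samples:
        print(peer, arg, check_port_command(peer, arg))
    # Passive mode: data connection arrives from a different address.
    print(check_data_peer("192.0.2.10", "198.51.100.7"))
```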