Firewall Wizards mailing list archives

RE: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U)


From: "Benjamin P. Grubin" <bgrubin () pobox com>
Date: Fri, 5 Apr 2002 11:11:32 -0500

I can't seem to understand why FXP logically *required* separate data
channels any more than normal FTP operations.  In fact, without separate
data channels, the whole concept of FXP and FTP would have been
simplified to remove such grossness as PASV and PORT.

I always thought (and was somewhat reinforced by the RFC history) that
the logical separation of the protocol interpreter and data transfer
process was necessary to implement under NCP, and was just dragged to
TCP to remain compatible or for historical reasons.

In any case, I think it's pretty messy.  But that's my opinion, I could
be wrong.  :)

Cheers,
Ben

-----Original Message-----
From: firewall-wizards-admin () nfr com 
[mailto:firewall-wizards-admin () nfr com] On Behalf Of Tom Kistner
Sent: Thursday, April 04, 2002 9:15 AM
To: Mikael Olsson
Cc: firewall-wizards () nfr com
Subject: Re: [fw-wiz] The yearly FTP rant (Was: Re: Passive 
FTP and NAT/PAT with PIX and Serv-U)


On Wed, Apr 03, 2002 at 01:07:11AM +0200, Mikael Olsson 
(mikael.olsson () clavister com) wrote:

Heck, simply moving the data channel to an in-line channel in
the port 21 connection would be by far more preferable, and easier
to implement to boot. I can't believe they botched the perfectly 
good chance of clearing up this old mess when they adapted FTP to 
IPv6, rather than just extending the "PORT" and "227" messages to 
handle IPv6 addresses in ASCII format. (But then again, I'm a 
grumpy security guy whose pet peeve is protocols with dynamic 
channels, not a stressed-out engineer who needs to get things 
working yesterday.)

There's a good reason for the data channels to be on separate 
connections:
Server-to-Server transfers, commonly known as "FXP".

That feature was used quite a lot in "the old days". Today, it's
used mainly for warez currying.

So I'd say it's not an old mess, FTP just stays the way it is 
even in IPv6.

There are umpteen other ways to transfer files, why not use 
one of those?


/tom


-- 
Tom Kistner  <tom () duncanthrax net>
ICQ 1501527  dcanthrax@efnet
http://duncanthrax.net
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
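
As an added example, not part of either poster's message: a sketch of the check a stateful FTP helper can apply to the "PORT" and "227" messages discussed in this thread, opening a data-channel pinhole only when the announced address is the sender's own and refusing third-party (FXP-style) addresses. The function names, verdict strings, the privileged-port rule and the sample lines are assumptions made for illustration, and it assumes no address translation between the helper and the endpoints.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 tuple carried by the PORT command and the 227 reply
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or 227 reply, else None."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def pinhole_decision(line, client_ip, server_ip):
    """Return (verdict, (ip, port)) for one control-channel line."""
    parsed = parse_hostport(line)
    if parsed is None:
        return ("ignore", None)
    ip, port = parsed
    # PORT is sent by the client, 227 by the server: the address must be the sender's.
    sender = client_ip if line.lstrip().upper().startswith("PORT") else server_ip
    if ip != ipaddress.IPv4Address(sender):
        return ("deny-third-party", (str(ip), port))
    if port < 1024:  # assumed policy: never open a pinhole to a privileged port
        return ("deny-privileged-port", (str(ip), port))
    return ("allow", (str(ip), port))

# Constructed control-channel lines (documentation address ranges).
SAMPLE = [
    "PORT 192,0,2,10,195,80",
    "227 Entering Passive Mode (198,51,100,5,19,137)",
    "PORT 203,0,113,7,195,80",
    "PORT 192,0,2,10,0,22",
    "USER anonymous",
]

def run_sample():
    return [pinhole_decision(l, "192.0.2.10", "198.51.100.5") for l in SAMPLE]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE, run_sample()):
        print(f"{line!r:55} -> {verdict}")
```
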



