Vulnerability Development mailing list archives

Re: ws_ftp pro 6.51 exposes internal IP addresses


From: Crawling KingSnake <kingsnake () MINISTER COM>
Date: Tue, 1 Aug 2000 12:07:07 -0400

How so is this an administrative issue?  ws_ftp is the only one that does
this.  Other clients connect successfully using PASV mode.  Maybe you should
reread the statement and not be so quick to jump on the "administrator at
fault" excuse.  The server does not have the bounce attack enabled but the
client must use PASV to connect because of the firewall.  Those are two
different issues.  Please try to understand the situation before responding
since these responses prove wasteful.



On Mon, Jul 31, 2000 at 09:07:13AM -0400, Crawling KingSnake wrote:
ws_ftp pro 6.51 exposes internal IP addresses when connecting using PASV
<snip>
Vendor was notified but no response.


What is the vendor supposed to do? This is an administration issue. If you
are protecting your network via a firewall, and you intend to hide all aspects
of your network hierarchy, then you'll want to disable passive ftp.

Unless ws_ftpd is not capable of disabling passive ftp, this doesn't sound like
a vendor issue.

<ss>

