Firewall Wizards mailing list archives
PASSV (passive mode) FTP through routers/firewalls
From: "Riley, Larry" <larry.riley () disclosure com>
Date: Wed, 16 Jun 1999 12:23:07 -0400
I have a question about allowing PASSV (passive mode) FTP through routers/firewalls. We have a client who needs to be able to retrieve files via FTP from our ftp server. As of yet, they have been unable to do so, due to the fact that they only allow PASSV (passive mode) FTP through their router/firewall, and our server currently refuses permission for passive FTP.

I found some information indicating that in order to enable passive FTP on our server, we would have to give world write permissions to the pseudo-device /dev/tcp. This is apparently an artifact of Solaris. Off the cuff, it strikes me that this permissioning might be a security concern.

Arguably it is a bit more secure from the customer's point of view for them to allow only PASSV mode. Since they only have a router and not a stateful firewall, they would have to open TCP high ports, which would leave them vulnerable to TCP high port probing and denial of service attacks on their internal hosts.

Does anyone have any words of wisdom whether we should enable passive mode in this situation?

Thanks