550 list failed Re-installed my server completely. Re-installed bulletproof ftp-server. Login message on FlashFXP-client : Connecting to myserver Connected to myserver -> IP=199.199.199.199 PORT=9999 220 myserver USER superhero 331 Password required for superhero. PASS (hidden) 230 User superhero logged in. SYST 215 UNIX Type: L8 REST 100 350 REST supported. Ready to resume at byte offset 100. REST 0 350 REST supported. Ready to resume at byte offset 0. PWD 257 "/" is current directory. TYPE A 200 Type set to A. PORT 192,168,1,101,4,37 530 PORT command only accepts client IP address. LIST 550 List failed. No port specified. :( Toggled with passive / not passive Toggled with relative path Toggled everything Looked up 505 list error ... :( |
Turned of "block server to server transfer (FXP, ftp bounce attack)" it works ... grmbl |
only used WS-FTPD and Serv-U , dont have any working experience with that ftp server otherwise I would have gladlike been of assistance! |
i know **** about ftp but i think this is fuxxored PORT 192,168,1,101,4,37 530 PORT command only accepts client IP address. |
Problem was that the ftp-server receives two signals: 192,168,1,101,4,37 here ports: 4 and 37 Reading the docs specified that the "block server ..." is a protection against such "attacks", normally only one port is accepted. Server = completely configured now (swapped mobos, new HD's, new raid card, OS and tweaks + soft + sharing + ...) AND half of my personel administration is finished, what a boring & long day. Time for a welldeserved snackbreak after finishing the ghost- image |
enable PASV mode? |
Quote:
Enabling it on the server or enabling it on the client was no succes. No mather what i tried, even tried every permutation with firewall on/off. ... the "block server ..." is a protection against such "attacks", normally only one port is accepted ... PASV or not |
hmmm; "block server to server transfer (FXP, ftp bounce attack)" means this : client 1 connects to server 1 with 1 port client 1 connects to server 2 with 1 port client 1 then opens a 2nd port on both servers and starts a direct transfer from server 1 to server 2 the so called "attack" means, someone can use it to do some DOS attacks when it lets multiple other FTP upload/download stuff from your FTP, thereby flooding your connection, while client 1 practically doesn't use any bandwidth FXP = ftp to ftp file transfers need that extra port open Serv-U has the same setting, as does most popular FTP proggies but sinc you are not running an anonymous FTP, the risk of people actually doing that "attack" is very very low |
Quote:
the bounce attack is more like this: suppose you are running a service on that PC that only allows local connctions, for exemple MySQL. Sending a self-constructed PORT command, will connect the FTP server to MySQL. Now, if you first upload a file with MySQL commands to the ftp server, you can actually 'control' the MySQL service, by 'uploading' the commands file to the MySQL server (instead of sending the PORT command to your computer to download the file) MySQL receives the contents of that file, and if you know a valid account, you can edit the database contents. also applies to trusted (internal) networks |
All times are GMT +1. The time now is 18:23. |
Powered by vBulletin® - Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO