active & passive ftp without opening everything
I have played around with FTP this evening and it is surely a bugger. Problem: Actually I'd like to be able to use my FTP client to connect to whatever server I like, regardless of whether it supports passive FTP or not. But, as I understand it, that freaky "data connection" forces me to open up just about everything. Okay, I can restrict it so that it's only active when certain apps are running, but as soon as my browser or my TrojanScanner are in the list, it's active almost all the time...
Does anyone have any idea - short of "connection tracking" like Linux iptables does, i.e. parsing the FTP control dialogue and thus finding out which singular port to open each time?
I have no problem establishing the control connection from localhost:arbitrary to arbitrary:21.
But when the data connection is established, and I want to allow *both* active and passive, I have to cater for in- and outbound SYNs, in- and outbound SYNACKs, and in- and outbound ACK(PSH)s, all on arbitrary ports. (When I'm lucky, I can restrict inbound SYNs and outbound SYNACKs to remote port 20, but as I am browsing through my FTP client's server database, I find that not all servers adhere to the active FTP standard in this respect).
So, that covers almost everything.
Lots of thanks in advance,
Acer Aspire 1520 and Arch Linux (and openbox, screen, mutt, mc, vim etc.)
GPG 0x869F8 http://www.commontology.de/andreas/
b8 7a 0 0 0 bb b8 90 4 8 cd 80 b9 b8 90 4 8 ba 41 0 0 0 bb 1 0 0 0 b8 4 0 0 0 cd 80
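
The control-dialogue parsing that the post calls "connection tracking", as an added example that is not part of the original post: it reads the RFC 959 `PORT` command and `227` reply and returns the one data connection to allow for each. The function names and the sample addresses are constructed for illustration, and EPRT/EPSV are not handled.

```python
import re

# RFC 959 address field "h1,h2,h3,h4,p1,p2": PORT is sent by the client
# (active mode), the 227 reply by the server (passive mode).
FIELD = r"(?<!\d)(\d{1,3}(?:,\d{1,3}){5})(?!\d)"
PORT_RE = re.compile(r"^PORT " + FIELD + r"$", re.I)
PASV_RE = re.compile(r"^227 .*?" + FIELD)

def expectation(line, from_client, client_ip, server_ip):
    """Return the single data connection this control line announces.

    Result is (direction, src_ip, dst_ip, dst_port) or None. The source port
    is left open because not every server sends active data from port 20.
    """
    m = (PORT_RE if from_client else PASV_RE).match(line.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        return None
    ip, port = ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    # Only accept the control peer's own address and an unprivileged port,
    # so a forged PORT/227 cannot open a path to some other host or service.
    if ip != (client_ip if from_client else server_ip) or port < 1024:
        return None
    if from_client:
        return ("in", server_ip, client_ip, port)    # active: server -> us
    return ("out", client_ip, server_ip, port)       # passive: us -> server

def track(dialogue, client_ip, server_ip):
    """Run every (from_client, line) pair through expectation()."""
    found = (expectation(l, c, client_ip, server_ip) for c, l in dialogue)
    return [e for e in found if e]

# Constructed sample dialogue (documentation addresses, not from the post).
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"
SAMPLE = [
    (True, "USER anonymous\r\n"),
    (True, "PORT 198,51,100,7,200,10\r\n"),
    (False, "200 PORT command successful\r\n"),
    (True, "PASV\r\n"),
    (False, "227 Entering Passive Mode (192,0,2,10,195,80).\r\n"),
    (True, "PORT 203,0,113,5,0,22\r\n"),   # foreign host, low port: refused
]

if __name__ == "__main__":
    for rule in track(SAMPLE, CLIENT, SERVER):
        print(rule)
```

Each returned tuple is a one-shot pinhole for a single address pair and destination port, in place of a blanket rule for arbitrary ports. An encrypted control channel (FTPS) cannot be parsed this way.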