From: Aron Roberts (aron@socrates.berkeley.edu)
Date: Thu Oct 25 2001 - 11:11:28 PDT
In the message "[MAGNet] OS X, Interarchy & SSH: help!", dated
2001-10-25, Glenn D. Tiffert wrote:
>A quick question:
>
>I have been trying to ftp in to my socrates account using the OS X version
>of Interarchy 5.01.
>
>It works fine unless I select the tunnel via SSH option. If I try to ftp
>with this option turned on, I get the following error:
>
>> PASV
>> 227 Entering Passive Mode (128,32,25,13,179,224)
>> LIST
>> 425 Possible PASV port theft, cannot open data connection.

One possible reason for this error is that Socrates may be using an
FTP server which prevents someone from committing "port theft."
The FTP server does this by checking for FTP clients which
establish a control connection from one IP address, then attempt to
open one or more data connections from a different IP address.
Unfortunately, this also occurs when someone legitimately attempts to
connect via SSH tunnelling.

Recent versions of wu-ftpd <http://www.wu-ftpd.org/>, a widely used
freeware FTP daemon from Washington University in St. Louis, can be
configured to perform this type of checking to protect against
possible "port theft" exploits. Socrates is running the current
version, 2.6.1, of wu-ftpd, as per its FTP server greeting, and this
server might be configured in this manner:
>220 socrates.Berkeley.EDU FTP server (Version wu-2.6.1(7) Wed Jan 3
>12:35:15 PST 2001) ready.
There's a brief description of this issue in an Interarchy
discussion group at:
http://groups.yahoo.com/group/interarchy/message/853
and a clear and detailed description in the section titled "A Problem
Most Foul" in:
Bowie Snyder
"Secure Shell Port Forwarding for Securing Dreamweaver 3 FTP
and Other Legacy FTP Clients", May 2001
http://www.bowiesnyder.com/writings/ftp_ssh.htm
Aron Roberts
Workstation Software Support Group
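
The address check described in the message above, modeled as an added Python example (not part of the original message and not wu-ftpd's own code). It parses the quoted 227 reply and compares the data connection's peer address with the control connection's. The client and third-party addresses, the 150 reply wording, and the assumption that a tunnelled control connection reaches the FTP daemon from the server's own address are constructed for illustration.

```python
import ipaddress
import re

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")
REFUSED = "425 Possible PASV port theft, cannot open data connection."
ACCEPTED = "150 Opening data connection."  # illustrative wording


def parse_227(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return str(ip), nums[4] * 256 + nums[5]


class PassiveSession:
    """Simplified server-side state for one FTP control connection."""

    def __init__(self, control_peer_ip):
        # Address the server saw when the control connection was accepted.
        self.control_peer = ipaddress.ip_address(control_peer_ip)

    def accept_data(self, data_peer_ip):
        """Reply to LIST once some host has connected to the PASV port."""
        if ipaddress.ip_address(data_peer_ip) != self.control_peer:
            return REFUSED
        return ACCEPTED


def scenarios():
    client = "192.0.2.10"     # constructed: the user's workstation
    other = "198.51.100.7"    # constructed: an unrelated host
    server_ip, _port = parse_227(
        "227 Entering Passive Mode (128,32,25,13,179,224)")
    return {
        # Plain FTP: control and data both arrive from the client.
        "direct": PassiveSession(client).accept_data(client),
        # SSH tunnel: control arrives from the server side of the tunnel,
        # but the client opens the data connection directly.
        "ssh_tunnel": PassiveSession(server_ip).accept_data(client),
        # The case the check exists for: another host takes the PASV port.
        "third_party": PassiveSession(client).accept_data(other),
    }


if __name__ == "__main__":
    for name, reply in scenarios().items():
        print("%-12s %s" % (name, reply))
```

The tunnelled session and the third-party connection look identical to the server, which is why the legitimate SSH case is refused.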