With both active and passive mode, the client opens an FTP control
connection by sending a SYN to the FTP server, from an ephemeral port, to
the well-known FTP control port 21. The control connection is used for
sending commands, such as RETR or STOR. An ephemeral port is a port above
1023 that is not used for any well-known service. The OS temporarily
assigns an ephemeral port to an application.

With active mode, when the user requests data by asking for a file or
directory listing, the client sends a PORT command specifying an ephemeral
port for use in a data connection. The FTP server opens the data connection
by sending a SYN from port 20 to the ephemeral port that the client
specified in the PORT command. A lot of firewalls won't allow a session
establishment from an outside server, so this can cause problems.

With passive mode, the FTP client opens the data session. The server uses
the PORT command to specify an ephemeral port. The client opens the data
connection by sending a SYN from one of its own ephemeral ports to the
ephemeral port specified by the server. This works better with firewalls
usually, though I have run across cases where passive doesn't work because
the server side was running a personal firewall that wouldn't allow an
incoming session establishment to an ephemeral (not well-known) port number.

FTP is bad from a security point of view. Not only does it have this ugly
business with passive vs. active, but it also sends passwords in clear
text. It also includes the host's IP address in the PORT command, which is
not such a good idea for security and can have problems when NAT is in use.

Priscilla

>"Zhang Jin" <[EMAIL PROTECTED]> wrote in message
>news:90hnub$4f5$[EMAIL PROTECTED]...
> > Dear Group,
> >
> > Who can tell me the difference between these 2 terms?
> >
> > TIA
> >
> > Dean
> >
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
________________________
Priscilla Oppenheimer
http://www.priscilla.com
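
An added example, not part of the original post: a check a firewall or FTP server can apply to the address and port advertised on the control connection. It reads the six-number host-port field that RFC 959 uses in the PORT command and in the 227 reply to PASV; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (four address octets, two port octets)
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or a 227 reply line."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no host-port field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % line)
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def check_data_endpoint(line, control_peer):
    """Compare the advertised data endpoint with the control connection's peer.
    control_peer: source address of whoever sent `line` on the control channel."""
    ip, port = parse_hostport(line)
    findings = []
    if ip != ipaddress.IPv4Address(control_peer):
        if any(ip in net for net in RFC1918):
            findings.append("private address in payload: NAT did not rewrite it")
        else:
            findings.append("data address is a third host, not the control peer")
    if port <= 1023:  # the post defines ephemeral ports as those above 1023
        findings.append("port %d is not ephemeral" % port)
    return str(ip), port, findings

# Constructed sample lines: (control-channel line, address it arrived from)
SAMPLES = [
    ("PORT 10,0,0,5,19,137", "203.0.113.7"),
    ("227 Entering Passive Mode (192,0,2,10,195,80)", "192.0.2.10"),
    ("PORT 198,51,100,9,4,1", "203.0.113.7"),
    ("PORT 203,0,113,7,0,22", "203.0.113.7"),
]

if __name__ == "__main__":
    for line, peer in SAMPLES:
        print(line, "->", check_data_endpoint(line, peer))
```

A data endpoint that does not match the control peer is the case to log or refuse: it is either a NAT device that left the payload untouched or a request to connect to a host that never opened the control session.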