On Fri, Mar 05, 2004 at 04:35:37PM -0500, Ghanta, Bose wrote:
> I was working on what I originally thought was a bug in our FTP client.
> Your ftp site has a very long banner (due to the crypto warnings and what
> all), and the bug opened against our FTP client was that it would disconnect
> partly through the login banner. After using a packet sniffer, I determined
> that what is happening is that at a certain point, as your FTP server is
> sending banner lines, it drops the connection.

This is a relatively common failure mode for scenarios involving a stateful protocol-inspecting firewall being in the way. Many popular implementations insist on a divisional newline being within the first packet, to establish state (when using PASV) and protect against a common attack method (see below). If the banner size starts coming close to the MTU and the handshake is fragmented, these implementations can break the internet.

See:

http://www.securityfocus.com/archive/1/46655
http://www.checkpoint.com/techsupport/alerts/pasvftp.html

for a description of why the check occurs, and see:

http://lists.virus.org/fw1-0302/msg00599.html

for instructions on how to disable the check in the most common implementation which displays this behaviour (Check Point).

It would be worth investigating whether such a device is between you and the ftp server, and whether or not it is responsible for your problems.

--
Colm MacCárthaigh Public Key: [EMAIL PROTECTED]
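The following is an added example, not part of the original message: a simplified model of the newline check described in the reply, for use against control-channel payloads taken from a packet capture. The rule that every server-to-client segment must end in a line terminator, the 1460-byte segment size, and all function names and banner text are assumptions made for illustration.

```python
from __future__ import annotations

# Simplified model (assumption): the inspecting firewall requires every
# server-to-client segment on the FTP control channel to end with a newline.
CRLF = b"\r\n"


def segment(stream: bytes, mss: int) -> list[bytes]:
    """Split a reply stream the way a sender that fills each segment would."""
    return [stream[i:i + mss] for i in range(0, len(stream), mss)]


def first_rejected(segments: list[bytes]) -> int | None:
    """Return the index of the first segment the modelled check would
    reject (payload does not end in a newline), or None if all pass."""
    for i, payload in enumerate(segments):
        if not payload.endswith(b"\n"):
            return i
    return None


def build_banner(lines: int) -> bytes:
    """Constructed multi-line 220 banner in the FTP continuation form
    ("220-" on every line except the last, which uses "220 ")."""
    body = [b"220-constructed banner line %03d" % n for n in range(lines)]
    return CRLF.join(body + [b"220 ready"]) + CRLF


if __name__ == "__main__":
    short, long_ = build_banner(2), build_banner(60)
    cases = {
        "short banner, one segment": segment(short, 1460),
        "long banner, coalesced at 1460 bytes": segment(long_, 1460),
        "long banner, one line per segment": long_.splitlines(keepends=True),
    }
    for name, segs in cases.items():
        idx = first_rejected(segs)
        verdict = "passes" if idx is None else f"rejected at segment {idx}"
        print(f"{name}: {len(segs)} segment(s), {verdict}")
```

The same banner passes or fails depending only on where the segment boundaries fall, which is why the problem appears once the banner approaches the MTU.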