Title: RE: breach in my firewall ..

First, I agree with Ryan's analysis.

This is just F.Y.I.

FTP uses ports 20 "and" 21.
Port 21 is the FTP control channel and you should (if you must) allow it only into your FTP server.
Port 20 is the Data channel for FTP. This is hard to filter and should be blocked.

A good read is "Firewalls and Internet Security" by Cheswick and Bellovin. Should be shipped with every Firewall, but that's just my opinion.

There is a list of dozens of ports to block and the reason why for each one in the above book.

Cheers,
Ken
-----Original Message-----
From:   Ryan Russell [SMTP:[EMAIL PROTECTED]]
Sent:   Thursday, February 11, 1999 8:40 AM
To:     Dimitri Avgoustakis
Cc:     [EMAIL PROTECTED]
Subject:        Re: breach in my firewall ..





>He was able to log on to port 21 (blocked by cable provider)!
>
>Could anyone please give me an explanation for this, and could someone tell
>me what (legal) action I can take against him/her (I know I had anonymous
>ftp on .. but port 21 should have been blocked)

Simple.  According to the traceroute, both addresses mentioned are on the
pandora.be net, which I would assume is the cable modem ISP.  They
block <1024, but are only able to do so at their border.  Most cable modems are
pretty simple, and aren't about to do packet filtering for each user.

That means every one of your ports is open to every one of the users
on the same ISP as you.  Since you are running an FTP server, and he
was able to log in as anonymous, I would say that you were intentionally
offering a "public" service that he used, and you have no legal recourse.

                              Ryan



