Greg
I am having the same problem with service.boulder.ibm.com. I am
running FW1 4.0 SP5 and SP6. I believe it is caused by the FTP fix that
Checkpoint added in SP5. I don't know about FW1 4.1.
They now require each packet to end with a 0x0a. The banner coming
from the site is more than 1500 characters in length. Therefore the
banner is split into 2 packets. The first packet doesn't end with a
0x0a which violates the patch that Checkpoint has implemented. This
seems to me to be a poor solution to fix the vulnerability. Are we
supposed to contact every FTP server administrator and ask them to reduce
their banner to less than 1500 characters?
I had asked IBM if they could reduce their banner by 5 lines so it
would fit in a 1500 character packet. Haven't had any luck with this
yet. They have another site at boulder called
testcase.boulder.ibm.com. This site works fine, even though I think it
is running the same FTP server software, but the banner is smaller than
1500 characters.
I was going to disable the patch by changing the base.def file. But
it sounds like you have already tried this!
I am also having a problem with suf.boulder.ibm.com. But this one
is different. On this one I can manually ftp to the site and put files
out there. But when I use the SUF software that IBM provided to
automate the FTP it doesn't work.
Raymond
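
The failure described in this message, modelled as an added example (it is not part of the original post and is not Check Point's code): a multi-line FTP 220 banner is cut into TCP segments, a per-packet "must end with 0x0a" rule is applied, and a stream-aware line check is shown beside it as one possible alternative. The 1460-byte segment payload, the constructed banners and all function names are assumptions made for illustration.

```python
MSS = 1460  # assumed TCP payload per segment on a 1500-byte MTU link


def build_banner(n_lines):
    """Constructed FTP banner: '220-' continuation lines, then a final '220 ' line."""
    texts = [f"notice {n:02d}".ljust(50, ".") for n in range(n_lines)]
    lines = [f"220-{t}\r\n" for t in texts[:-1]] + [f"220 {texts[-1]}\r\n"]
    return "".join(lines).encode("ascii")


def segment(data, mss=MSS):
    """Split a byte stream the way TCP would: at the size limit, not at line ends."""
    return [data[i:i + mss] for i in range(0, len(data), mss)]


def per_packet_check(segments):
    """Rule as described in the post: every packet must end with 0x0a.
    Returns the index of the first violating packet, or None if all pass."""
    for i, seg in enumerate(segments):
        if not seg.endswith(b"\n"):
            return i
    return None


def stream_check(segments):
    """Stream-aware alternative (an assumption, not the vendor's fix): buffer
    across packets and validate only complete lines of the reply."""
    buf = b""
    for seg in segments:
        buf += seg
        *complete, buf = buf.split(b"\n")  # last element is the unfinished line
        for line in complete:
            if not (line[:3].isdigit() and line[3:4] in (b"-", b" ")):
                return False
    return buf == b""  # the reply must end on a line boundary


LONG_BANNER = build_banner(40)   # 2240 bytes: spans two segments
SHORT_BANNER = build_banner(20)  # 1120 bytes: fits in one segment

if __name__ == "__main__":
    for name, banner in (("long", LONG_BANNER), ("short", SHORT_BANNER)):
        segs = segment(banner)
        print(name, len(banner), "bytes,", len(segs), "segment(s):",
              "per-packet violation at", per_packet_check(segs),
              "| stream check ok:", stream_check(segs))
```
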