Raymond,

First off, I'm not sure what the patch that you're talking about removing
is. Today I tried removing the following two lines from the base.def, but
there was no change:

                        or                           
                [packetlen - 1:1] = 0x0a                               

Is the x in the 0x0a variable?  I'm asking this because it looks like 0d0a
is the terminating string.  The trace that I ran with the Enable PASV box
unchecked allowed the header to be split, so why would having it checked be
any different at this point in the communication?  Is this really a
fragmentation issue?

I put both traces out at http://www2.southwind.net/~gtucker/ if you'd like
to take a look at them.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Raymond Tuggle
Sent: Thursday, July 20, 2000 9:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [FW1] FTP gets Network Error: Connection reset by peer



Greg
    I am having the same problem with service.boulder.ibm.com.  I am
running FW1 4.0 SP5 and SP6.  I believe it is caused by the FTP fix that
Checkpoint added in SP5.  I don't know about FW1 4.1.
    They now require each packet to end with a 0x0a.  The banner coming
from the site is more than 1500 characters in length.  Therefore the
banner is split into 2 packets.  The first packet doesn't end with a
0x0a which violates the patch that Checkpoint has implemented.  This
seems to me to be a poor solution to fix the vulnerability.  Are we
supposed to contact every FTP server administrator and ask them to reduce
their banner to less than 1500 characters?
    I had asked IBM if they could reduce their banner by 5 lines so it
would fit in a 1500 character packet.  Haven't had any luck with this
yet.  They have another site at boulder called
testcase.boulder.ibm.com.  This site works fine, even though I think it
is running the same FTP server software, but the banner is smaller than
1500 characters.
    I was going to disable the patch by changing the base.def file.  But
it sounds like you have already tried this!
    I am also having a problem with suf.boulder.ibm.com.  But this one
is different.  On this one I can manually ftp to the site and put files
out there.  But when I use the SUF software that IBM provided to
automate the FTP it doesn't work.
    Raymond




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
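
Added example, not part of the original messages and not Check Point's code: a Python model of the per-packet rule Raymond describes (every packet must end with 0x0a), run against a constructed FTP banner that spans two TCP segments, next to a hypothetical check that tracks line endings across packets instead. The 1460-byte segment size, the banner contents, the 512-byte line limit and all function names are assumptions made for illustration.

```python
# Added illustration: why a "packet must end with 0x0a" rule resets
# connections whose server banner is larger than one TCP segment.

MSS = 1460  # assumed TCP payload size for a 1500-byte Ethernet MTU


def build_banner(lines=30, width=60):
    """Constructed multi-line FTP 220 banner (sample data, not a real site's)."""
    body = [("220-" + "x" * width + "\r\n").encode() for _ in range(lines)]
    return b"".join(body) + b"220 ready\r\n"


def segment(data, mss=MSS):
    """Split a byte stream the way TCP does: by size, ignoring line ends."""
    return [data[i:i + mss] for i in range(0, len(data), mss)]


def per_packet_check(segments):
    """The rule described in the thread: each packet's last byte must be 0x0a."""
    for n, seg in enumerate(segments):
        if seg[-1:] != b"\n":
            return ("drop", n)  # index of the first offending packet
    return ("accept", None)


def stream_check(segments, max_line=512):
    """Hypothetical alternative: keep the unterminated tail between packets
    and only reject when a single line grows beyond max_line bytes."""
    pending = b""
    for n, seg in enumerate(segments):
        # Everything up to the last newline is complete; keep the remainder.
        pending = (pending + seg).rsplit(b"\n", 1)[-1]
        if len(pending) > max_line:
            return ("drop", n)
    return ("accept", None) if not pending else ("incomplete", None)


if __name__ == "__main__":
    for label, banner in (("long", build_banner()), ("short", build_banner(5))):
        segs = segment(banner)
        print(label, len(banner), "bytes,", len(segs), "segment(s):",
              "per-packet =", per_packet_check(segs),
              "stream =", stream_check(segs))
```

The long banner fails the per-packet rule on its first segment even though every line in it is properly terminated, while the short banner fits in one segment and passes, which matches the difference reported between the two boulder sites.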

