On Mon, Oct 25, 1999 at 09:28:36AM -0700, Miles Lane wrote:
> Help!
> I have been unable to connect to the new PCMCIA distribution
> FTP site. I have checked with David Hinds and he says noone
> else has reported any problems. I know basically nothing about
> network protocols, so your help is greatly appreciated!
I've noticed two problems with SourceForge.org.
One is that they are connecting back on auth, looking for the
ident service, when you first make a connection to them. If they can't
connect to ident because you are behind a firewall, or aren't running
auth, and they don't get a RST or some sort of ICMP unreachable back (maybe
because you are behind a firewall that doesn't send them) they seem to have
a ridiculous timeout before giving up on auth. It's like 5 or 10 minutes
long! And you just sit and sit and sit there waiting for the blinken
thing to come back to you with a prompt after connecting.
I don't know the exact timeout, because every time I've tried to
access it from behind any of my firewalls, I end up doing something else
and checking back from time to time. Unfortunately, by the time I've
noticed that the ident time-out has fired and I have a prompt, the 3
minute idle timer has also fired and it has disconnected me. Interactive
ftp from behind a firewall where ident has to time out is virtually
useless with their site.
Next problem occured when I tried to use fmirror to retrieve the
files (wget won't work because wget doesn't support passive mode and I
have to use passive mode through our firewalls). An attempt to mirror
over the pcmcia directory from SourceForge went absolutely, positively,
berzerk. I got the same directory listing scrolling over and over and over
again when fmirror tried to determine what needed to be gotten.
Discovered that it's a bug in the "list" operation at their end.
Fmirror is configurable but the list command options default to -lgRa.
Unfortunately, the list command at that end is broken for the "-a"
option in combination with "-R" and recurses on "." repeating the same
thing over and over again. Just try doing a "dir -lgRa" in any directory
once you've connected to them, you'll see what I mean. The fix for that
was to set the listing options to "-lgRA" and it no longer recursed on ".".
Using "-A" instead of "-a" probably makes sense anyways. The only thing
that will probably be broken is the mirrored modification time of the
root directory of the mirror operation.
So I got my work-around. If I have to connect to SourceForge
I use fmirror to retrieve files so I don't have to deal with their broken
ident timeout and I set the listing options to -lgRA to avoid the -a
bug in the recursive listings. This way, I turn fmirror loose and come
back 10 minutes later and it has patiently sat through the timeout and
grabbed the files I've wanted as soon as it is permitted in.
I hadn't complained to them or David, because I managed to figure
out somewhat reasonable workarounds. I'm Cc'ing this to all of them as
well, to let them know of my experience.
They are also running a vulnerable version of ProFTP on that
site. They're running ProFTP 1.2.0pre1 according to the banner and
everything prior to 1.2.0pre6 had some pretty serious nasty buffer
overflows and such. Someone is not keeping up with security advisories
or upgrades. :-(
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
