On Wed, 3 Nov 1999, Avery Pennarun wrote:
> On Wed, Nov 03, 1999 at 10:46:26AM -0500, Greg Stark wrote:
>
> > > There is a good reason some servers (like the one I have written) do not
> > > allow server-server transfers. If it did allow the user to tell the
> > > server to connect to any IP, you could attack any server/port on the
> > > network with arbitrary data using the resources of the FTP server to do
> > > so. By only allowing the server to connect to the IP the control
> > > connection comes from, possible damage is limited.
> >
> > Only if you're allowed to log in to the server in the first place. It
> > certainly doesn't make sense for non-passive anonymous FTP but that's not
> > the only use for FTP.
>
> Consider this: you could cause an FTP server to connect to port 25 on a
> remote server, uploading something that looks like SMTP commands. This is a
> fun way to send (virtually) untraceable e-mail. I've done this between a
> few of my own computers, and it works wonderfully, especially with badly
> configured FTP daemons that don't log every get/put command.
>
> This is why some FTP servers now limit based on port number, too. However,
> creative people will find ports >1024 that would benefit from untraceable
> messages.
>
> IMHO, server to third-party FTP transfers are basically silly (and trying to
> do things like this causes no end of confusion to firewall administrators).
> Why not just install an FTP client on the second computer??

Well, a port above 1024 is non-privileged in any case... nothing critical
should be there. As for the second point, you might not have shell access
to the second computer... and server-server transfers are the best way to
do mirroring for someone who uses a slow connection like a modem.
Daniel Church | "War doesn't determine who is right-
___---^---___ | only who is left."
[EMAIL PROTECTED] | -anonymous
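
The two server-side restrictions discussed in this thread (data connections only to the address the control connection comes from, and no ports below 1024), as an added Python example that is not code from any poster or from a real FTP daemon. The function names, the reply codes chosen for refusals, and the sample addresses are assumptions.

```python
import ipaddress

MIN_DATA_PORT = 1024  # policy from the thread: refuse ports below 1024


def parse_port_arg(arg):
    """Parse an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    if not all(f.isascii() and f.isdigit() and len(f) <= 3 for f in fields):
        raise ValueError("PORT fields must be decimal numbers")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_port_command(arg, control_peer_ip):
    """Decide whether to honour PORT; returns (reply_code, reason).

    control_peer_ip is the remote address of the control connection.
    Reply codes 501/504/200 are an assumed choice; servers differ.
    """
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return 501, str(exc)
    # Only connect back to the host that issued the command.
    if ip != ipaddress.IPv4Address(control_peer_ip):
        return 504, "data address differs from control connection peer"
    # Port filter; on its own this still leaves ports >= 1024 reachable.
    if port < MIN_DATA_PORT:
        return 504, "port below 1024 refused"
    return 200, "PORT accepted"


def demo():
    """Run the policy over constructed requests from peer 192.0.2.10."""
    peer = "192.0.2.10"  # constructed documentation address
    requests = ["192,0,2,10,19,137",   # same host, port 5001
                "198,51,100,7,0,25",   # third-party host, port 25
                "192,0,2,10,0,25",     # same host, port 25
                "192,0,2,10,19"]       # malformed
    return [check_port_command(r, peer)[0] for r in requests]


if __name__ == "__main__":
    print(demo())
```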