Re: ftp site

2004-03-09 Thread Colm MacCarthaigh
On Fri, Mar 05, 2004 at 04:35:37PM -0500, Ghanta, Bose wrote:
 I was working on what I originally thought was a bug in our FTP client.
 Your ftp site has a very long banner (due to the crypto warnings and what
 all), and the bug opened against our FTP client was that it would disconnect
 partly through the login banner.  After using a packet sniffer, I determined
 that what is happening is that at a certain point, as your FTP server is
 sending banner lines, it drops the connection.

This is a relatively common failure mode for scenarios involving a
stateful protocol-inspecting firewall being in the way. Many popular
implementations insist on a divisional newline being within the first
packet; to establish state (when using PASV) and protect against a
common attack method (see below).  If the banner size starts coming
close to the MTU and the handshake is fragmented these implementations
can break the internet.

See:

http://www.securityfocus.com/archive/1/46655
http://www.checkpoint.com/techsupport/alerts/pasvftp.html

for a description of why the check occurs, and see:

http://lists.virus.org/fw1-0302/msg00599.html

for instructions on how to disable the check in the most common
implementation which displays this behaviour (checkpoint). It would be
worth investigating whether such a device is between you and the
ftp server, and whether or not it is responsible for your problems.

-- 
Colm MacCárthaigh    Public Key: [EMAIL PROTECTED]
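The failure mode Colm describes (a multi-line greeting that is larger than one TCP segment, so the first segment may not carry a complete reply line, and an FTP-inspecting firewall resetting the session part-way through) can be checked for without a packet sniffer. The following is an added example written for this archive page, not code from the thread or from the OpenSSL project. It segments a greeting at an assumed MSS (1460 bytes, i.e. a 1500-byte Ethernet MTU minus IPv4 and TCP headers), reports whether any reply line straddles a segment boundary, and parses an RFC 959 multi-line reply so that a connection closed before the terminating `220 ` line is reported as incomplete. The banner text is constructed for illustration; `fetch_banner` is the only part that touches the network.

```python
"""Diagnostics for oversized FTP greetings and stateful-firewall resets.

Added example (not from the original thread).  Assumptions: an Ethernet-sized
MSS of 1460 bytes and a sender that fills each segment (no Nagle coalescing).
"""
import io
import socket
from typing import List, Optional, Tuple

# Assumed MSS: 1500-byte MTU minus 20-byte IPv4 header minus 20-byte TCP header.
ETHERNET_MSS = 1460


def segment(payload: bytes, mss: int) -> List[bytes]:
    """Split application data into the TCP segments a sender would emit when
    each segment carries at most `mss` bytes of payload."""
    return [payload[i:i + mss] for i in range(0, len(payload), mss)]


def analyse_banner(banner: bytes, mss: int = ETHERNET_MSS) -> dict:
    """Report how a greeting would be cut into segments and whether the first
    segment contains a complete (CRLF-terminated) reply line, which is the
    condition the firewalls in the thread insist on."""
    segs = segment(banner, mss)
    first = segs[0] if segs else b""
    # Count segment boundaries that fall in the middle of a reply line.
    split_lines = sum(1 for s in segs[:-1] if not s.endswith(b"\r\n"))
    return {
        "bytes": len(banner),
        "segments": len(segs),
        "first_segment_has_complete_line": b"\r\n" in first,
        "lines_split_across_segments": split_lines,
        "at_risk": len(segs) > 1,  # greeting does not fit in one segment
    }


def read_reply(rfile) -> Tuple[Optional[str], List[str], bool]:
    """Read one FTP reply (RFC 959 section 4.2) from a binary file-like object.

    Returns (code, lines, complete).  `complete` is False when the peer closed
    the connection before the terminating 'xyz ' line, which is what the client
    in the thread observed part-way through the banner.
    """
    lines: List[str] = []
    code: Optional[str] = None
    while True:
        raw = rfile.readline()
        if not raw:                     # EOF (FIN or RST) before the reply ended
            return code, lines, False
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if code is None:
            if len(line) < 3 or not line[:3].isdigit():
                raise ValueError(f"malformed reply line: {line!r}")
            code = line[:3]
            if len(line) == 3 or line[3] == " ":
                return code, lines, True  # single-line reply
            continue                      # 'xyz-' starts a multi-line reply
        if line.startswith(code + " "):
            return code, lines, True      # terminating line of the reply


def build_banner(n_lines: int, width: int = 70) -> bytes:
    """Constructed multi-line 220 greeting of roughly n_lines * width bytes."""
    body = [f"220-Line {i:03d}: " + "x" * (width - 15) for i in range(1, n_lines)]
    body.append("220 End of greeting.")
    return "\r\n".join(body).encode("ascii") + b"\r\n"


def fetch_banner(host: str, port: int = 21, timeout: float = 10.0) -> dict:
    """Connect to a server, read its greeting and analyse it.  A reset mid-banner
    is reported as complete=False rather than raised."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        buf = io.BytesIO()
        try:
            while True:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                buf.write(chunk)
                code, lines, complete = read_reply(io.BytesIO(buf.getvalue()))
                if complete:
                    break
        except ConnectionResetError:
            code, lines, complete = read_reply(io.BytesIO(buf.getvalue()))
    report = analyse_banner(buf.getvalue())
    report.update({"code": code, "lines": len(lines), "complete": complete})
    return report


if __name__ == "__main__":
    banner = build_banner(40)
    print(analyse_banner(banner))
    print(read_reply(io.BytesIO(banner[:100]))[2])  # False: cut off mid-banner
```

Running `analyse_banner` over a server's actual greeting (captured once with `fetch_banner` from a host that is not behind the suspect firewall) shows whether the greeting spans more than one segment at all; if it does not, the firewall explanation can be ruled out before anyone adjusts the inspection setting described in the links above.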


Re: ftp site

2004-03-06 Thread Ben Laurie
Ghanta, Bose wrote:

 Dear Ben and OpenSSL Team members,

 Could you kindly answer the following question from one of my group
 members?  I very much appreciate it.

 I was working on what I originally thought was a bug in our FTP client.
 Your ftp site has a very long banner (due to the crypto warnings and what
 all), and the bug opened against our FTP client was that it would disconnect
 partly through the login banner.  After using a packet sniffer, I determined
 that what is happening is that at a certain point, as your FTP server is
 sending banner lines, it drops the connection.  I'm suspecting it's not
 doing so gracefully, as I'm seeing a TCP/IP RST segment, not a FIN segment.
 I'm wondering if you can put me in touch with whoever runs your network
 servers, so we can get to the bottom of this.  It doesn't happen from linux
 or win2000 boxes here, so I'm suspecting it's something about the way our
 TCP/IP stack is ACK'ing incoming segments from your FTP server.  It may be a
 bug in your TCP/IP stack that's only triggered in a rare case.  Please let
 me know how you'd like to proceed.

What does this question have to do with us?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff