Subject: Re: sys/netinet/ip_ftp_pxy.c:ippr_ftp_insecure
To: Darren Reed <darrenr@reed.wattle.id.au>
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
List: tech-net
Date: 02/03/2001 00:35:27
>>> 	what is the meaning of ippr_ftp_insecure in ip_ftp_pxy.c?
>>> 	it looks like, depending on the variable, the ftp proxy module
>>> 	changes behavior against PORT command rewriting.
>>> 	the variable name makes me wonder what it is, and who/from whom
>>> 	does it try to protect what.
>>It forces a login to the ftp server so you just can't start issuing
>>PORT commands to scan ports.
>	so the behavior protects nodes outside of the private address cloud,
>	from port scans by people behind the NAT box.  thanks.

	actually, it looks to be a server's task to me...

itojun


% telnet localhost 21
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220-
220 localhost FTP server (NetBSD-ftpd 20001218) ready.
EPRT |1|127.0.0.1|9999|
530 Please login with USER and PASS.
quit
221 Thank you for using the FTP service on localhost.
Connection closed by foreign host.
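
The gating discussed in this thread (no action on PORT commands until the client has logged in), as an added C sketch that is not code from ip_ftp_pxy.c or from either poster. All names are hypothetical, and resetting the state on USER or REIN is an assumption of the sketch.

```c
#include <ctype.h>
#include <string.h>
/* Hypothetical names for this sketch; not identifiers from ip_ftp_pxy.c. */
struct ftp_session {
    int insecure;  /* 1: act on PORT/EPRT even before a login */
    int logged_in; /* set only by a final 230 reply from the server */
};

/* Case-insensitive match of a verb followed by space, CR, LF or end. */
static int is_cmd(const char *line, const char *verb)
{
    size_t i;
    for (i = 0; verb[i] != '\0'; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return 0;
    return line[i] == ' ' || line[i] == '\r' || line[i] == '\n' || line[i] == '\0';
}

/* Server -> client. "230 " completes a login; a "230-" continuation does not. */
void ftp_server_line(struct ftp_session *s, const char *line)
{
    if (strncmp(line, "230 ", 4) == 0)
        s->logged_in = 1;
}

/* Client -> server. Returns 1 if the helper may rewrite/map this line, else 0. */
int ftp_client_line(struct ftp_session *s, const char *line)
{
    /* Assumption: USER or REIN starts a fresh login, so drop the state. */
    if (is_cmd(line, "USER") || is_cmd(line, "REIN")) {
        s->logged_in = 0;
        return 0;
    }
    if (!is_cmd(line, "PORT") && !is_cmd(line, "EPRT"))
        return 0;
    return s->insecure || s->logged_in;
}

/* Replays the transcript's EPRT at three points; 230 lines are constructed. */
int replay(int insecure)
{
    struct ftp_session s = { insecure, 0 };
    const char *eprt = "EPRT |1|127.0.0.1|9999|\r\n";
    int r = ftp_client_line(&s, eprt);       /* bit 0: before any login */
    ftp_server_line(&s, "230-Welcome\r\n");
    r |= ftp_client_line(&s, eprt) << 1;     /* bit 1: after "230-" only */
    ftp_server_line(&s, "230 Logged in\r\n");
    return r | (ftp_client_line(&s, eprt) << 2); /* bit 2: after "230 " */
}
```

With the flag clear, only the EPRT sent after the final 230 reply is acted on; with it set, all three are.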