Solved

Ftp high port

Posted on 2002-06-13
7
347 Views
Last Modified: 2010-04-11
What is the ftp high-port ? Is it about ftp active and passive mode ?
0
Comment
Question by:rotaris357
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 3

Accepted Solution

by:
cincin77 earned 50 total points
ID: 7075261
Different from other TCP/IP applications, FTP uses 2 ports instead of one; one for control data and the other for the data. In normal operation; you open a connection to the port 21 of the ftp server.(this is the control connection) For this connection your local machine also has a port #.

The commands you enter like GET, PUT go through this channel. Aa the time comes to send or receive some data, FTP server opens a connection from its port # 20 to a local port in your machine which you sent to the server in advance through the control channel. This local port should be the 'high-port'.

However today most client machines are behind a firewall so it is not possible for the ftp server to open a connection to your machine. So your ftp client asks the server if it supports passive mode in which case the data connection is again opened by your client machine.

regards...
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 7075728
Here is a great resource that explains FTP Active vs PASV in detail.

http://slacksite.com/other/ftp.html
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 7084197
>However today most client machines are behind a firewall
>so it is not possible for the ftp server to
>open a connection to your machine

What kind of firewall are you using?  Mine certainly does do this (supports non-passive FTP) - it's called a stateful firewall, and any firewall that can't do it (these days) is basically crap (although most older firewalls *were* crap, and couldn't do it, hence passive FTP)

Otherwise, all the info I see here seems good, particularly geoffryn's URL - I vote for his answer...

Cheers,
-Jon


0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 3

Expert Comment

by:cincin77
ID: 7085821
It is not a good idea to allow incoming tcp connection requests.
it can be compromised.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 7091048
>It is not a good idea to allow incoming tcp connection
>requests. it can be compromised.

Please refer to the CERT ID that indicates such vulnerabilities in iptables (I would also be interested in *any* CERT advisory regarding a stateful firewall).

Cheers,
-Jon
0
 

Author Comment

by:rotaris357
ID: 7101463
Thanks Cincin77 and geoffryn that make me clear , but I choose Cincin77 because he answers the question with his intention , and I think he can make me clear in the short of the detail.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 7103275
Whatever works...

Cheers,
-Jon
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question