Solved

DMZ and FTP servers

Posted on 2014-04-21
4
873 Views
Last Modified: 2014-04-22
Almost there....  Lets say that I have a FTP server in the DMZ.  You get DoS attacks on the FTP Server, so everything in you host is safe.  I understand that

How then does the FTP server work, since it can not server up a file on the host, because it is residing on the FTP Server within the DMZ

Thanks
0
Comment
Question by:Anthony Lucia
4 Comments
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 40013338
I'm not sure what you are asking here. Can yo give me some more information please?
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 167 total points
ID: 40013435
Usually, the FTP server is autonomous - you can upload files to it from inside the LAN, to make them available to outside sites, and external users upload files to it from outside the DMZ, which internal users then "pull" to their own machines, again using FTP.

Normally, the FTP server can't itself request files, and in fact, all traffic should flow *to* the DMZ in most circumstances (web->DMZ and lan->DMZ)

If you really need a DMZ host to have the same files as an internal (LAN) host, consider using software (such as rsync) that can connect from LAN to DMZ, compare the contents of two directories, and copy files as needed to bring them back into sync.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 166 total points
ID: 40013584
Lets say that I have a FTP server in the DMZ.  You get DoS attacks on the FTP Server, so everything in you host is safe.

Your FTP server may or may not be safe during a DoS attack.   Entirely depends on the nature of the DoS attack.  

How then does the FTP server work, since it can not server up a file on the host, because it is residing on the FTP Server within the DMZ

If your FTP server is under a DoS attack, then depending on the scale of the DoS attack, the FTP server won't receive any valid FTP requests.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 167 total points
ID: 40015070
DMZ's look like this:
FTP_Server ->Firewall -> (10mbps)Internet
People come from the internet, through the allowed FTP ports (20 and 21 typically), and then access the FTP service.
A DoS attack, if it fills up the pipe, a 10mbps cable connection we'll say, then anything else that is trying to come out or go into the firewall will not get through at an acceptable rate and probably be lost/dropped/time-out.
The service doesn't matter in that case, ftp, http, ssh etc... nothing is going in or out if the circuit is overloaded.
If it's an attack against JUST FTP, and it doesn't use all 10mpbs, then other services will function in/out of the firewall, maybe with some delay but probably acceptable rates. Most servers do not sit out on the internet without a firewall in front of them. That firewall should dictate what is allowed in/out of the network, that firewall is effectively the DMZ outside perimeter. The inside perimeter of the DMZ should also limit who/what can access the FTP server from INSIDE the network, a DMZ is a locked down perimeter.
Internal network ->firewall->FTP_Server->Firewall->Internets (aka el tuba reno's)
-rich
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now