Wednesday, November 30, 2005


[Argus]
[Asax]
[Asmodeous Port Scanner (WebTrends)]
[Cerberus Internet Scanner]
[COPS]
[Fremont]
[HPing]
[ISS]
[Legion v2.1]
[NTInfoScan]
[Nessus 1.0.10]
[nmap]
[Nss]
[Rscan version 1.5]
[SAINT]
[Sara 3.5.2]
[SATAN]
[Strobe version 1.03]
[Tiger version 2.2.3 and 2.2.4]
[Utilities, source and information for Windows 9x/NT ]
[Urlscan]
[Web Trends Security Analyzer]
[Whisker]
[YAPS]

Argus
Argus is a generic IP network transaction auditing tool. Argus runs as an application level daemon, promiscuously reading network datagrams from a specified interface, and generates network traffic status records for the network activity that it encounters.

Download:
ftp://ftp.andrew.cmu.edu/pub/argus/


Asax
Asax. An Advanced Security audit trail Analysis on uniX.

Download:
ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/asax


Asmodeous Port Scanner (WebTrends)
Asmodeous network security scanner for Windows NT.

Download:
http://www.webtrends.com/products/wsa/


Cerberus Internet Scanner (CIS)
NTInfoScan has now been reborn as the Cerberus Internet Scanner (or simply CIS). Though orginally designed to discover vulnerabilities in the Windows NT platform NTInfoScan has been updated so it will also discover security issues in *NIX systems now too, though it still only runs on Windows NT. This is why the name has been changed - because it is no longer NT specific. It is planned that binaries for Linux systems, Sco OpenServer and Solaris 2.x will be offered soon.

Download:
http://www.cerberus-infosec.co.uk/


COPS version 1.04
The Computer Oracle and Password System (COPS) package from Purdue University. Examines a system for a number of known weaknesses and alerts the system administrator to them; in some cases it can automatically correct these problems.

Download:
ftp://ftp.jaring.my/pub/cert/tools/cops/


Fremont
Fremont is a research prototype for discovering key network characteristics, such as hosts, gateways, and topology. It runs on SunOS, and has been tested on both Sun3 and Sun4 hardware, on SunOS 4.1.1. The ARPwatch and RIPwatch Explorer Modules use the Sun's Network Interface Tap. This directory contains information, the latest version and patches.

Download:
ftp://ftp.cerias.purdue.edu/pub/tools/unix/netutils/fremont


HPing
A network analysis tool. HPing is a tool which enables you to send packet with non traditional IP stack parameters and gather information from the results of the incoming packets (which were generated in responds to the sent packet), this information isn't displayed by regular application since much of it is for debugging and internal network functionality.

Download:
http://www.kyuzz.org/antirez/oldhping.html


Internet Security Scanner (ISS) (Evaluation copy)
ISS versions 1.21 and 1.3. This is a program by Christopher Klaus. A multi-level security scanner that checks a UNIX system for a number of known security holes such as problems with sendmail, improperly configured NFS file sharing, etc.

Download:
ftp://ftp.iss.net/pub/iss/


Legion v2.1
This is a Win32 file share scanner and an improved version of Legion 1.x. Some of the features includes a "user-friendly" interface, multiple scan configurations, treeview of remote hosts, text reporting, mounting drives with one click and share level brute force plug-in.

Download:
http://www.nmrc.org/files/snt/legion.zip


Nessus 1.0.10
Nessus is a free, open sourced and easy-to-use security auditing tool for Linux, BSD and some other system. It is multithreaded and plugin based, and has a nice X11 interface.

Download:
http://www.nessus.org


nmap
nmap is a utility for port scanning large networks using various scanning techniques. nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence predictability characteristics, and output to machine parseable or human readable log files.

Download:
http://www.insecure.org/nmap/index.html


nss
nss is a perl script that scans either individual remote hosts or entire subnets of hosts for various simple network security problems. The majority of the tests can be performed by any non-privileged user on a typical Unix machine.

Download:
http://www.ja.net/CERT/Software/nss/


rscan version 1.5
Rscan (previously called securscan) is a tool that lets a system administrator run complex or simple scanner scripts on any number of machines in a heterogeneous environment.

Download:
http://www.protomatter.com/rscan/


SAINT
SAINT is the Security Administrator's Integrated Network Tool. In its simplest mode, it gathers as much information about remote hosts and networks as possible by examining such network services as finger, NFS, NIS, ftp and tftp, rexd, statd, and other services. The information gathered includes the presence of various network information services as well as potential security flaws -- usually in the form of incorrectly setup or configured network services, well-known bugs in system or network utilities, or poor or ignorant policy decisions. It can then either report on this data or use a simple rule-based system to investigate any potential security problems.

Download:
http://wwdsilx.wwdsi.com/saint/


SARA 3.5.2
"Security Auditor's Research Assistant"-security audit tool, GPL license.

Download:
http://www-arc.com/sara/


SATAN version 1.1.1
SATAN, the System Administrator Tool for Analyzing Networks, is a network security analyzer designed by Dan Farmer and Wietse Venema. SATAN scans systems connected to the network noting the existence of well known, often exploited vulnerabilities. For each type of problem found, SATAN offers a tutorial that explains the problem and what can be done.

Download:
http://www.fish.com/satan/


strobe version 1.03
Strobe is a security/network tool that locates and describes all listening tcp ports on a (remote) host or on many hosts in a bandwidth utilisation maximising, and process resource minimising manner.

Download:
http://www.deter.com/unix/software/strobe103.tar.gz


Tiger version 2.2.3 and 2.2.4
Tiger (from Texas A & M University) is a set of scripts that scan a Unix system looking for security problems, in the same fashion as COPS.

Download:
http://www.ja.net/cert/Software/tiger/


Utilities, source and information for Windows 9x/NT
The Systems Internals Web site provides you advanced utilities, technical information and source code related to Windows 95 and Windows NT internals that you won't find anywhere else. This includes monitoring tools and performance tools.

Download:
http://www.sysinternals.com/


Urlscan
Urlscan is a powerful security tool that works in conjunction with the IIS Lockdown Tool to give IIS Web site administrators the ability to turn off unneeded features and restrict the kind of HTTP requests that the server will process. By blocking specific HTTP requests, the Urlscan security tool prevents potentially harmful requests from reaching the server and causing damage.

Download:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/urlscan.asp


Web Trend Security Analyzer (Evaluation pack)
WebTrends Security Analyzer helps you discover and fix the latest known security vulnerabilities on your Internet, intranet and extranet. Systems are analyzed on demand or at scheduled intervals, allowing prioritization and comparative reports to be generated with recommended fixes that resolve possible exploitations.

Download:
http://www.webtrends.com/products/wsa/


Whisker
Whisker is a CGI scanner with impressive features that makes it much better than most CGI scanners.

Download:
http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2


YAPS
YAPS stands for Yet Another Port Scanner. It is a Windows95/NT intelligent IP port scanner. It can quickly analyze a single computer or identify all computers on a specified network.

Download:
http://www.tni.net/%7Eted/Yaps/Yaps.html


Disclaimer

The tools described above are provided as-is and are for use at your own risk. Unless otherwise noted, no effort has been made to verify that the software is free from viruses, Trojan horses, or other forms of malicious programming. No effort has been made to verify that the software performs as its authors claim.

Epson TM U220A




Al

Friday, November 25, 2005

20-11-2005 00:00:00

Despedida y cierre.

Categoria: GeneralMichel

Saludos. Como habréis notado en el asunto este no es un mensaje normal, es un mensaje de despedida.

A requerimiento de la Sociedad CEDRO (Centro Español de Derechos Reprográficos) que opina que desde el ftp se difundían muchos contenidos ilícitos (archivos con derechos protegidos), y para evitar males mayores hemos decidido cerrar los servidores a la espera de retirar todo el material que no sea de Dominio Público (DP). No os escondo que es una tarea muy laboriosa pues es difícil determinar qué archivos son efectivamente de DP y no podemos aventurar ninguna fecha posible de reapertura, si es que alguna vez se vuelve a abrir, ni siquiera tenemos claro que para eso sea necesario abrirlo pues en la red hay muchas bibliotecas digitales con ese tipo de material.

Nuestra idea, seguramente ingenua, ha sido siempre que las bibliotecas digitales fueran como las bibliotecas públicas, como si fuera la biblioteca del barrio pero sin fronteras, sin que el libro no esté disponible porque está prestado, sin que el libro dé asco leerlo de lo releído que está, sin que haya que desplazarse hasta el local, que se pueda acceder los domingos y por la noche, que si vivo en la Patagonia tenga las mismas posibilidades de leer que si vivo enfrente de la biblioteca de mi ciudad, etc... etc... etc... etc... Pero eso, hoy por hoy, la ley no lo reconoce, sólo hace salvedad de las Bibliotecas Públicas y menos mal porque si no intentarían cerrarlas también.

Pensamos que las bibliotecas digitales no sólo no causan perjuicios a los autores sino al contrario son un medio ideal para darse a conocer y así aumentar sus ventas pues no cabe duda que el archivo digital no es el libro en papel ni tiene su comodidad de uso (está complicado eso de llevarse la compu al retrete o a la cama) ni irradia su magia, y si un libro le ha gustado intentará conseguirlo en papel para disfrutarlo del todo... Pero si los autores y editoriales piensan, a través de CEDRO, lo contrario, nosotros no estamos en situación, legalmente hablando, de discutírselo con alguna probabilidad de éxito.

Sé que muchos de vosotros vais a quedar un poco huérfanos pero no desesperéis, por ahora hay muchos sitios a los que no ha llegado el largo brazo de estos individuos para quienes priman sus intereses materiales por encima de la difusión de la cultura y donde se pueden conseguir buena literatura. Hay muchos grupos de lectura que ponen a disposición libros digitales. Un buscador permite saber si el libro que buscas está disponible o no en alguno de sus almacenes http://librosgratis.mywebhut.com/index.html o http://librosgratis.webcindario.com/hondero/php/index.php el resultado de la búsqueda será algún grupo donde estará almacenado, no tenéis mas que suscribiros al grupo, bajar el archivo y si queréis podéis volveros a borrar.

También bibliotecas digitales como Librodot http://www.librodot.com/index.php y otras, ofrecen libros de forma gratuita o la ya clásica Gutenberg http://www.gutenberg.org/ Hay muchas, sólo hay que dedicar un rato a exprimir Google para encontrarlas. Y también contáis con los habituales canales de distribución a través de IRC (Internet Relay Chat) http://es.wikipedia.org/wiki/IRC o P2P (peer-to-peer) http://es.wikipedia.org/wiki/P2P.

En nombre del grupo de personas que durante este tiempo ha hecho posible la biblioteca y en el mío propio recibid mi agradecimiento por estar ahí.

Saludos cordiales y hasta otra. Sniff... Sniff... Sniff... :'-(

Michel.

*** No olvides que quizás tienes una BIBLIOTECA PÚBLICA
cerca de tu casa donde está esperándote ese libro que nunca
encuentras en Internet y muchos más :-) *************

Thursday, November 24, 2005

http://www.ductape.net/~mitja/freeunix.shtml

The biggest Free Shell list on the net :-)

Host

Service

http://freeshell.org,
http://sdf-eu.or

Server & services:
- 3 load balanced T1s (Sprintlink and Savvis)
- 16332 ISDN/v.90/v.92 dialup numbers in the US & Canada
- SIGs, Music Compilations and Membership activities
- 10+ DEC Alphas (DS20L/DS10L) running NetBSD
- Supporter of the NetBSD project and The Computer History Museum in Mountain View California

http://www.grex.org

Server: OpenBSD
Services: email, lynx, personal webspace, compile C programs... (quota: 1Mb)

http://www.nyx.net

Server: ???
Services: email, ftp, telnet, lynx, personal webspace of 100K

http://m-net.arbornet.org

Server: FreeBSD
Services: email, pop3, lynx, personal webspace, compile C programs (quota: 500kb)

http://www.xox.pl

Server: ???
Services:email,pop3,ssh,irc,ftp,web space (quota: 1Mb)

http://www.rootshell.be

Server: Linux
Services: pop3/web email, webspace, the complete set of UNIX/Gnu tools, quota: 2M

http://www.daforest.org

Server: Linux
Services: email, pop3, micq, ftp, personal webspace with cgi, ssi, eggdrop (quota: 10Mb)

http://www.vectorstar.net

Server: Linux
Services: Email, Webspace, subdomain if requested, web-based MessageBoard... (quota: 20Mb)

http://www.polarhome.com

Server: Linux, FreeBSD, VAX (OpenVMS operating system)
Services: Email, pop3, irc, ftp, eggdrop... cool place on different operating systems!

http://vmsbox.cjb.net

Server: OpenVMS
Services: Free, but only a limited number of accounts will be granted. Standard access via Telnet or SSH. Mail handling via VMS MAIL or POP3/SMTP. Web space with scripting support. Access to Perl and C for programming.

http://www.titanix.net

Server: Linux
Services: pop3,pop2,imap,smtp,ftp,irc,mail,mail->SMS,compiliers, NO quota for now..

http://www.bur.st/

Server: Linux
Services: Only for people in Australia! Access via ssh, scp, ftp, pop3; basic and full shell access, domain hosting and/or seconding, mailing lists.

http://full-house.net

Free Shell accounts (ssh)
Free Email addresses (POP3/IMAPS) - webmail,mailing lists
Programing languages (C,C++,Perl,Python ...)
Web hosting with php4 mysql & postgresql, FTP
Domain hosting
Domain registration
Primary et secondary name servers

http://deathrow.vistech.net

Server: OpenVMS on VAX/Alpha
Services: IRC usage is allowed but no bots/relays/etc.

http://nic-nac-project.de

Server: Debian Linux 3.0 on Dual Athlon 1800XP, Connection: DSL (1,5 Mkbit/384kbit) / VaxStation running OpenVMS
Services: Un-restricted shell access, gcc, screen, mc, mutt, BitchX, Web Hosting, 14 Background Processes, no general home-dir quota; But file-size is restricted to 32 MB max, one MySQL db per default (on request) and a VaxStation to the LAN for OpenVMS experience to the users :)
Note: Accounts are Postcard-ware.

http://aragon.marway.org

Server: SunOS, Linux, IRIX
Services: email, web space...

http://www.magnesium.net/

Server: ???
Services: ???

http://cyberunners.org/

Server: Linux
Services: IPv6, PHP, MySQL, personal subdomain, gcc, IRC access with eggdrop, BitchX, e-mech, one background processes allowed (quota: 10Mb)

http://www.metawire.org

Server: OpenBSD
Services/Info: SSH, POP3, Webmail, FTP, PHP, PostGreSQL (NO MySQL), IRC. NO PSYBNC/EGGDROP/MECH until 1-2 months of good behavior, decent amount of activity, and community support. Used to be brained.org and networkthis.org (25Mb Space & 25Mb Mail to start with)

http://www.jvds.com/freeshells/

Server: ???
Services/Info: No irc, Quota: 6Mb (shared between mail and web)

http://www.linuxnetbox.de/

Server: Linux
Services/Info: Webmail, MySQL, PHP, 1 eggdrop... (quota: 10 Mb)

http://www.unixdaemons.com/

Server: FreeBSD
Services/Info: mail, webspace, perl... (quota 12Mb)

http://www.celuloza.ro/

Server: Linux
Services/Info: SSH connection to a Linux host, an e-mail address username@tweety.celuloza.ro (pop3 or webmail), 3 Mbytes of disk quota, a homepage like http://tweety.celuloza.ro/~username

http://www.polarhome.com/

Server: Linux/RedHat, Linux/Debian, OpenVMS/Alpha, OpenVMS/VAX, Solaris, Ultrix, OpenBSD, FreeBSD, NetBSD, HPUX, AIX
Services/Info: Polarhome.com is non commercial, educative effort for popularization of shell enabled operating systems and Internet services, offering shell accounts and other services on all available systems.

http://shells.thinkgeek.co.uk

Server: Linux/Debian
Services/Info: Mail, gcc, perl, php, eggdrop...

http://www.biglamers.org

Server: Linux
Services/Info: ???

http://www.silenceisdefeat.org/

Server: OpenBSD
Services/Info: 50MB storage space, http access (http://silenceisdefeat.org/~username), ftp access, ssh, telnet, and communication programs such as IRC, AIM, MSN, ICQ, Lily, and email.

http://www.hbx.us/

Server: Freebsd 4.9 on a Quad 2.4 Xeon with 4 gigs of ram
Services/Info: About anything goes except for DoS, BNCs and IRC bots.

http://www.hwee.org/

Server:
Services/Info: SSH access, access to all of the common Unix commands, Web-space, E-mail, IRC access via the BitchX IRC client, 10MB disk space.

http://phynix.darkwired.org/

Server: Sun Solaris 9
Services/Info: project phynix is a free unix-shells service. the goal purpose of the project is providing an educational environment for 'unix-newbies'.

http://www.zsuatt.org/

Server: linux
Services/Info: public_html, php,cgi-bin on request, 3bg procesess, 50mb space , eggdrop allowed, access to compilers , bitchx, ftp , ssh access, and a lot of more...

http://www.rulex.net/

Server: FreeBSD
Services/Info: Free Email - 5mb space, 2 processes / 1 IRC-connection, Free Web-Space - 50mb space, PHP & MySQL supports. Compilers, ssh and telnet has been disabled. BNCs are forbidden.

http://www.aeshells.org/

Server: Slackware 10.1
Services/Info: pop3, smtp/spamassasin/fetchmail, ssh2 only, irc/bitchx/eggdrop, mysql... IRC support: irc.shellsnet.org #aeshells

http://www.wanadobe.biz/

Server: Linux
Services/Info: French free shell server with mail, web, ftp, ssh, mysql, php...

http://freeshell.simosnap.com/

Server: Linux on a 2048/512 dsl line with static ipv4 and ipv6
Services/Info: Free shell service reserved to italian users only. Psybnc eggdrop, ipv6, bitchx, irssi, 2 max process per user, usermin wget...

http://freebsd.prohostuk.net/

Server: FreeBSD
Services/Info: 5M disk quota as standard (more might be available if you can justify it), webspace (PHP enabled), an email address, crontab access (limited), access to all the standard UNIX command line tools and compilers, IRC access through BitchX...

http://www.celebris.net

Server: FreeBSD, Celeron II 700MHz
Services/Info: Access via SSH/SCP, e-mail, MySQL, webspace, PHP, 7 MB quota, IPv6 support, 1 bg, IRC access, NO bots or bouncers

http://the1.no-ip.com/

Server: PA-RISC Debian Linux
Services/Info: Few restrictions, instant account additions, see webpage for more details.

http://www.mlg3.net/

Server: OpenBSD 3.7
Services/Info: Selective provider with 7 ipv4 vhosts, irssi/BitchX/eggdrop allowed, and background processes limited only by memory usage.

http://www.zerged.com

Server: Slackware Linux
Services/Info: Offering free shells for IRC access, eggdrop, php, webmail. Runs BitchX and irssi.

http://www2.steve-gibbs.co.uk/

Server: Mandrake Linux
Services/Info: webpage, irc, gcc, pico , php , cgi scripts... quota: 10Mb

http://www.suxxsbox.info

Server: Linux
Services/Info: offers free shell & email & web space for finnish / scandinavian people.

http://www.shellsnet.org

Server:
Services/Info: A large group of free shells providers have joined together on one IRC network and website. That network/site is known as ShellsNet, and is founded on the idea that different shell providers can help each other out in various ways, from sharing information about abusive users to admins helping each other with resolving technical issues...

http://bsd.miki.eu.org/

Server: FreeBSD
Services/Info: Polish server. Full featured freebsd accounts suitable for developement, communication, php, unix scripting, etc.

http://www.chules.net/

Server: Linux (Fedora Core 2)
Services/Info: ???

http://freeshell.datadrain.org/

Server: Debian GNU/linux 2, speed 2mbit down, 2mbit up
Services/Info: access to basic unix programs, donators will be able to use irc programs.

http://jiyu.gnook.org/

Server: OpenBSD 3.6 - Pentium 2 350hz, 128mb ram
Services/Info: 10mb quota for files (mail on seperate computer), webmail, IRC, WWW, FTP, SSH, NO BNC (and other IRC CRAP)

http://shell.yaphog.org/

Server: FreeBSD
Services/Info: C compiler, perl, free eggdrop hosting, webhosting + php, BitchX, ircII, psybnc, telnet and ssh access, local ircd, and many more free of charge on FreeBSD systems.

http://www.gibbs-hosting.co.uk/freehosting.html

Server: Mandrake 10
Services/Info: 5mb disk space quota, Bitchx access, gcc,cc, pico, php, cgi scripts, apache, public ftp, LYNX access, PHP/CGI scripts enabled

http://shells.humpmeg.net

Server: freebsd 4.11
Services/Info: 30mb of storage with a public_html. If one wants more then 30mb then contact an admin and ask. Irssi, bitchx etc etc. can run psybnc if wanted.

http://www.plexerv.info

Server: freebsd
Services/Info: One background proccess ( psyBNC,eggdrop allowed), 10MB of FREE web space, Access to all Vhosts ( www.plexerv.info/vhosts )

http://www.phoenix-network.org/

Server: freebsd, openbsd, gentoo, and debian
Services/Info: perl, gcc, tcl, sh, irssi, BitchX, nano, pico, eggdrops, webhosting...

http://www.shells.oceanius.com/

Server: linux
Services/Info: gcc, g++, tcl, perl, lynx, elinks, irssi, bitchx, screen, vim, pico, & MORE!

http://freeshells.mtveurope.org/

Server: Debian GNU/Linux
Services/Info: Telnet and SSH, gcc compiler, Perl, Python, shell scripting, IRC access to a local IRC server, Background processes, including detached sessions ("screen" command is available), FTP access (your own directory accessible via FTP), Your own crontab (running programs in specific periods of time)

http://www.systemshell.net/ [new!]

Server: Debian Linux
Services/Info: Email: YourUserName@systemshell.net, Website: http://www.systemshell.net/~YourUserName, Disk space is limited. Background processes are limited and can only be programs we have preinstalled on the system.

http://www.kverka.no/ [new!]

Server: FreeBSD
Services/Info: email/webmail,pop3,ssh,irc,ftp,web space,psybnc,eggdrop,muh,namserver (disk quota: 100mb)

http://a2b2.com/ [new!]

Server: ???
Services/Info: Each account comes with 10Mb of space. SSH access. Full details are on the website.

http://www.humpmeg.net [new!]

Server: FreeBSD
Services/Info: 30mb of storage with a public_html. If one wants more then 30mb then contact an admin and ask. irssi, bitchx etc etc. can run psybnc if wanted.

SDF (freeshell.org) - http://sdf.lonestar.org
GREX (cyberspace.org) - http://www.grex.org
NYX - http://www.nxy.net
ShellYeah - http://www.shellyeah.org
HOBBITON.org - http://www.hobbiton.org
FreeShells - http://www.freeshells.net
DucTape - http://www.ductape.net
Free.Net.Pl (Polish server) - http://www.free.net.pl
XOX.pl (Polish server) - http://www.xox.pl
IProtection - http://www.iprotection.com
CORONUS - http://www.coronus.com
ODD.org - http://www.odd.org
MARMOSET - http://www.marmoset.net
flame.org - http://www.flame.org
freeshells - http://freeshells.net.pk
LinuxShell - http://www.linuxshell.org
takiweb - http://www.takiweb.com
FreePort - http://freeport.xenos.net
BSDSHELL - http://free.bsdshell.net
ROOTshell.be - http://www.rootshell.be
shellasylum.com - http://www.shellasylum.com
Daforest - http://www.daforest.org
FreedomShell.com - http://www.freedomshell.com
LuxAdmin - http://www.luxadmin.org
shellweb - http://shellweb.net
blekko - http://blekko.net

> 1.) If a connection from the ftp client to the ftp server is in active or
in passive mode is
> a decision of the client - not of the server. Is this correct?

It's up to the client to request PASV mode.
If the server agrees, then PASV mode is set.
Otherwise, the client sets PORT ( active ) mode.

> 2.) Assume I type (as a client) at the command line:

> ftp ftp.foo.com

> How do I specify that I want to handle this (my ftp session) in passive

mode rather than in active?

XP's command-line FTP does not support the PASV command.
Do a ? at the ftp> prompt for a list of commands.
You can get 3-rd party command-line FTP utils which support PASV mode.
Here's one I found earlier ( which is nice ):

ftp://ftp.gnu.org/old-gnu/emacs/windows/contrib/ftp-for-win32.zip

Do a ? at ths one, and see there are many more commands.
PASV is the one you need.

The FTP function in IE has the option to use PASV mode for FTP.
Look in internet options.

All 3-rd party FTP clients have the option.

Before we get stuck into this, read these references...
http://slacksite.com/other/ftp.html
http://www.ncftpd.com/ncftpd/doc/misc/ftp_and_firewalls.html

> 3.) Assume there is a router and a firewall at server side.
> For active ftp I have to open
> - Port 21 for incoming TCP request in the firewall
> - Port 20 for outgoing TCP request in the firewall
> - Portforwarding NAT for Port 21 to the local IP (e.g. 192.168.0.34) in

the router configuration

Correct.
External: Any:Any -> Internal FTP_SERVER_IP:21 (to let in control
connection)
Internal: FTP_SERVER_IP:20 -> External Any: Any (to let data connection
out.)

> Which settings do I have to setup for passive ftp?
> As far as I know the client could initiiate the data channel to a server

port from a range e.g. 1500,...,1700

> Do I really have to setup NAT port forwarding for 200 ports ?

You are more or less correct.

In response to a PASV request, the server will provide an
IP address/port number for the client to connect to.
Some FTP servers may permit you to specify a range of ports to use.

You need to either:
open up all the ephemeral ports that the FTP server is configured to use,
or... perhaps the NAT device is clever enough to recognise the FTP session
and make special provision dynamically. This is called a NAT editor.

It's not elegant.
Basically, PASV mode doesn't work well if the server is behind NAT.

Passive FTP is a workaround for a firewall / NAT at the client side.
Passive mode is difficult to handle with firewall /NAT at the server side.

Aditionally, the FTP server will probably report the wrong IP address to
the client in response to the PASV request. It will give the internal IP
address,
not the public IP address. This can be handled in a couple of ways.
Either the FTP server needs to deduce the external IP by itself somehow,
or you need to be able to specify it. Failing that, the NAT device needs to
do special NAT editing and change the IP address contained within the
response to the PASV command.

> 4.) Which port range is normally used for data channels ftp servers in

passive mode?

Entirely depends on the FTP server.
Could be the entire ephemeral port range 1025 - 65535!
May be configurable on the server.

> 5.) Assume there is a firewall at the client side.
> For active ftp I (as a client) have to open
> - remote Port 21 for outgoing TCP requests
> - remote Port 20 for incoming TCP requests

Active mode means the server will generate an incoming connection
FROM it's port 20 TO *any* random port number on the client,
whatever the FTP client said in the PORT command.

Internal: Any:Any -> External: Any:21 to permit the control connection out;
External: Any:20 -> Internal: Any:Any to permit the datat connection in.

That's a massive hole to blow in a firewall!

As you see, active mode FTP doesn't work well behind a client firewall.
It requires a very large hole to permit the inbound FTP data connection.

> If I use passive ftp I have to open
> - all (!) remote Ports for outgoing requests because I do not know in

advance which remote port range
> the ftp servers offers me to communicate for the data channel. Is this

correct?

Internal: Any:Any -> External :Any:21 to permit the control connection out;
Internal: Any:Any -> External: Any:Any to permit the data connection out.

Permitting all outbound is less bad than permitting all inbound!

> 6.) If you look at all ftp connections worldwide. Which percentage is

handled by active ftp

> and which percentage by passive ftp mode?

No idea.

In short:
Active mode: Difficult with NAT or firewall client side. OK for NAT /
Firewall server-side.
PASV mode: OK for NAT / firewall client side. Difficult for NAT / Firewall
server-side.

If NAT or firewalls at both sides, FTP may not be possible.
Will require special handling in the NAT or firewall ao one side.
Something would have to give.
May never work, depends on smartness of NAT implimentation.

http://www.troubleshootingnetworks.com/ftpinfo.html

Saturday, November 19, 2005

Intel CPU & Motherboard monitor

http://www.intel.com/design/motherbd/active.htm

Friday, November 18, 2005

Bookmarks


Bookmarks Toolbar Folder

Add bookmarks to this folder to see them displayed on the Bookmarks Toolbar

Mail CLA
Intranet CLA - Solutions
::: Mensajito :::
Num Sum
CLA Mail
Howstuffworks
AltaVista - Babel Fish Traducción
Computer and Information Science Papers CiteSeer Publications ResearchIndex
chris.com - ASCII Art Collection
MSN Display Pictures and Forum Avatars - MSN-Emotions.org
Sports MSN Display Pictures -



Firefox & Mozilla Information

Information about Firefox and Mozilla

Firefox Extensions
Firefox add-ons and extensions
Firefox Themes
Firefox themes
Firefox Discussions
MozillaZine's Firefox discussion forums
MozillaZine
Mozilla community news and advocacy



Quick Searches

Handy searches that can be performed in the Location Bar

Using Firefox Quick Searches
Learn how to create and use Firefox custom keywords and quick searches
Google Quicksearch
Type "google " in the Location Bar to perform a Google search
I'm Feeling Lucky Quicksearch
Type "goto " in the Location Bar to visit Google's top listing for that term
Dictionary.com Quicksearch
Type "dict " in the Location Bar to perform a dictionary look-up
Stock Symbol Quicksearch
Type "quot " in the Location Bar to perform a stock symbol look-up
Wikipedia Quicksearch
Type "wp " in the Location Bar to look up something in Wikipedia, a free online encyclopedia.
IMDB Quicksearch
Type "imdb " in the Location Bar to look up an actor, movie title, director etc on IMDB - The Internet Movie Database.


Guía de estaciones de radio
MSN.com
Juniper - ATM
Temas Principales en la Filosofía de S. Tomás de Aquino
The First Email
Email history
El Rincón Cultural - La Clave
Free file hosting by Savefile.com
- *TechLabs* CCNA
Router Simulator Download
Cacheability Engine at web-caching.com
Proctor Labs, Inc. : Online Cisco rack rental for CCIE Lab Preparation | Internet-Based Hardware for CCIE R&S, Security, Service Provider and Voice Lab Preparation
Rack Time Rentals
Cisco CCIE Router Pod Rack Rental

Precios

Firewalls - Cisco PIX, Check Point, SonicWall

Book 24
Occupational Outlook Handbook, 2004-05 Edition
Li yaj tuneltak Diose sk’an sakikuk - XRextikotak Jeova: Ti bu xu’ jtatik li Melel a’yejetik ta stojolal li Sosiedad Watchtower ti iktabil ta Internete
Video on demand - Wikipedia, the free encyclopedia

VoD

Kasenna :: Media Servers

EDGE - Enhanced Data rates for Global Evolution
WiMAX
display pict
Num Sum: web spreadsheets
Category:AJAX:Articles - Devmo
Writely - The Web Word Processor
Denken Über » Lista de Aplicaciones Ajax
Category:AJAX:Articles - Devmo
Intrusion Detection FAQ - The Internet's most trusted site for vendor neutral intrusion detection information
Outsourcing: How to Choose a Managed Internet Security Service Provider
FortiGate Documentation
NetEnforcer Command Line Interface
NetEnforcer 1000 Help

MPLS

Traffic Engineering with MPLS
Daniel Obi Awduche
MPLSRC - MPLS White Papers
Cover Story: MovingMPLS to the Edge
Understanding Private IP MPLS based networks
Abstract Listing

Merello. Los Comienzos
Redhat Using rndc
Howto Find the Video Codec Used In An AVI
Guide To AVI Playback In Windows Media Player
MuggleNet | MuggleCast
Hacker Highschool - www.hackerhighschool.org
The Firmware Page :: Index
DVD FAQ