|
|
You're in the
iis ftp
group:Problem using alternate port range
iis ftp:
I'm sick and tired of all the attempts by hackers to connect to our companys FTP server. I want to switch to 50020 and 50021 for example. We do use a firewall appliance and have enabled TCP connections for the new ports. I created a second FTP site using the new ports. From a client I can log in to the new site as follows: C:\>ftp ftp>open ourftpserver 50021 the login and password are entered then my welcome message is displayed. I can issue a CD command, however I cannot issue an LS command or GET command. Well I can issue them but the response is... ftp>get fileIwanted.exe 500 Invalid PORT Command. 150 Opening ASCII mode data connection for fileIwanted.exe (1081344 bytes). And then I (at the client) freeze up. Same with the LS. Not sure where to go from here. Thanks in advance. -- greg gallager
If you are suggesting
ftp>PASV that comes back as an invalid command -- greg gallager gallid assoc inc [quoted text, click to view] ".._.." wrote:
> Try switching to passive mode (or forcing it as I think it's called on the > CMD FTP.exe) The active mode might be defaulting back to the old port range > (which is probably not being used by the server or blocked by your security > devices). Active mode uses some other ports aside from 21. > > I am not sure I'd count on the change you are making solving 100% of those > problems though. Some of that stuff is botnets, but some of it isn't, and > the stuff that isn't will find your FTP services anyway. In trade, you have > to muck about with getting your users to put different numbers in the ports > (at the very least). > > My solution to the problem was leave it on the default port, but make some > good documentation/scripts to let staff add IPs to the "allowed list" in the > IIS security tab. All IPs that don't get listed get sent as an error. This > does cause those attempts to show up in the event manager, and logs still, > but since IIS isn't offering them an opportunity to log in, they can't get > in through any amount of brute forcing. > > A side bonus is, you get slightly more stuff in the log concerning the > passwords (with some of the bots, that dont stop upon the errors and rather > keep spitting the passwords they are trying. > > "greg gallager" <greggallager@discussions.microsoft.com> wrote in message > news:31FB9882-9AA0-4555-B4EC-2E6C7F69970D@microsoft.com... > > Hi all, > > > > I'm sick and tired of all the attempts by hackers to connect to our > > companys > > FTP server. I want to switch to 50020 and 50021 for example. We do use a > > firewall appliance and have enabled TCP connections for the new ports. > > > > I created a second FTP site using the new ports. > > > > From a client I can log in to the new site as follows: > > > > C:\>ftp > > ftp>open ourftpserver 50021 > > > > the login and password are entered then my welcome message is displayed. > > > > I can issue a CD command, however I cannot issue an LS command or GET > > command. Well I can issue them but the response is... > > > > ftp>get fileIwanted.exe > > 500 Invalid PORT Command. > > 150 Opening ASCII mode data connection for fileIwanted.exe (1081344 > > bytes). > > > > And then I (at the client) freeze up. Same with the LS. > > > > Not sure where to go from here. > > > > Thanks in advance. > > > > -- > > greg gallager > > gallid assoc inc > >
Try switching to passive mode (or forcing it as I think it's called on the
CMD FTP.exe) The active mode might be defaulting back to the old port range (which is probably not being used by the server or blocked by your security devices). Active mode uses some other ports aside from 21. I am not sure I'd count on the change you are making solving 100% of those problems though. Some of that stuff is botnets, but some of it isn't, and the stuff that isn't will find your FTP services anyway. In trade, you have to muck about with getting your users to put different numbers in the ports (at the very least). My solution to the problem was leave it on the default port, but make some good documentation/scripts to let staff add IPs to the "allowed list" in the IIS security tab. All IPs that don't get listed get sent as an error. This does cause those attempts to show up in the event manager, and logs still, but since IIS isn't offering them an opportunity to log in, they can't get in through any amount of brute forcing. A side bonus is, you get slightly more stuff in the log concerning the passwords (with some of the bots, that dont stop upon the errors and rather keep spitting the passwords they are trying. [quoted text, click to view] "greg gallager" <greggallager@discussions.microsoft.com> wrote in message news:31FB9882-9AA0-4555-B4EC-2E6C7F69970D@microsoft.com... > Hi all, > > I'm sick and tired of all the attempts by hackers to connect to our > companys > FTP server. I want to switch to 50020 and 50021 for example. We do use a > firewall appliance and have enabled TCP connections for the new ports. > > I created a second FTP site using the new ports. > > From a client I can log in to the new site as follows: > > C:\>ftp > ftp>open ourftpserver 50021 > > the login and password are entered then my welcome message is displayed. > > I can issue a CD command, however I cannot issue an LS command or GET > command. Well I can issue them but the response is... > > ftp>get fileIwanted.exe > 500 Invalid PORT Command. > 150 Opening ASCII mode data connection for fileIwanted.exe (1081344 > bytes). > > And then I (at the client) freeze up. Same with the LS. > > Not sure where to go from here. > > Thanks in advance. > > -- > greg gallager > gallid assoc inc
Does it works if you rever to the default port 21/20 ?
FTP Error: 500 Invalid PORT Command http://support.microsoft.com/?id=281193 -- Regards, Bernard Cheah http://www.iis.net/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "greg gallager" <greggallager@discussions.microsoft.com> wrote in message news:4DBCAF82-A05B-43C3-AE14-16F9D068EDFB@microsoft.com... > If you are suggesting > > ftp>PASV > > that comes back as an invalid command > > -- > greg gallager > gallid assoc inc > > > ".._.." wrote: > >> Try switching to passive mode (or forcing it as I think it's called on >> the >> CMD FTP.exe) The active mode might be defaulting back to the old port >> range >> (which is probably not being used by the server or blocked by your >> security >> devices). Active mode uses some other ports aside from 21. >> >> I am not sure I'd count on the change you are making solving 100% of >> those >> problems though. Some of that stuff is botnets, but some of it isn't, >> and >> the stuff that isn't will find your FTP services anyway. In trade, you >> have >> to muck about with getting your users to put different numbers in the >> ports >> (at the very least). >> >> My solution to the problem was leave it on the default port, but make >> some >> good documentation/scripts to let staff add IPs to the "allowed list" in >> the >> IIS security tab. All IPs that don't get listed get sent as an error. >> This >> does cause those attempts to show up in the event manager, and logs >> still, >> but since IIS isn't offering them an opportunity to log in, they can't >> get >> in through any amount of brute forcing. >> >> A side bonus is, you get slightly more stuff in the log concerning the >> passwords (with some of the bots, that dont stop upon the errors and >> rather >> keep spitting the passwords they are trying. >> >> "greg gallager" <greggallager@discussions.microsoft.com> wrote in message >> news:31FB9882-9AA0-4555-B4EC-2E6C7F69970D@microsoft.com... >> > Hi all, >> > >> > I'm sick and tired of all the attempts by hackers to connect to our >> > companys >> > FTP server. I want to switch to 50020 and 50021 for example. We do >> > use a >> > firewall appliance and have enabled TCP connections for the new ports. >> > >> > I created a second FTP site using the new ports. >> > >> > From a client I can log in to the new site as follows: >> > >> > C:\>ftp >> > ftp>open ourftpserver 50021 >> > >> > the login and password are entered then my welcome message is >> > displayed. >> > >> > I can issue a CD command, however I cannot issue an LS command or GET >> > command. Well I can issue them but the response is... >> > >> > ftp>get fileIwanted.exe >> > 500 Invalid PORT Command. >> > 150 Opening ASCII mode data connection for fileIwanted.exe (1081344 >> > bytes). >> > >> > And then I (at the client) freeze up. Same with the LS. >> > >> > Not sure where to go from here. >> > >> > Thanks in advance. >> > >> > -- >> > greg gallager >> > gallid assoc inc >> >> >>
Command-line FTP in Windows does not support passive-mode operation.
Alun. ~~~~ [quoted text, click to view] "greg gallager" <greggallager@discussions.microsoft.com> wrote in message
news:4DBCAF82-A05B-43C3-AE14-16F9D068EDFB@microsoft.com... > If you are suggesting > > ftp>PASV > > that comes back as an invalid command > > -- > greg gallager > gallid assoc inc > > > ".._.." wrote: > >> Try switching to passive mode (or forcing it as I think it's called on >> the >> CMD FTP.exe) The active mode might be defaulting back to the old port >> range >> (which is probably not being used by the server or blocked by your >> security >> devices). Active mode uses some other ports aside from 21. >> >> I am not sure I'd count on the change you are making solving 100% of >> those >> problems though. Some of that stuff is botnets, but some of it isn't, >> and >> the stuff that isn't will find your FTP services anyway. In trade, you >> have >> to muck about with getting your users to put different numbers in the >> ports >> (at the very least). >> >> My solution to the problem was leave it on the default port, but make >> some >> good documentation/scripts to let staff add IPs to the "allowed list" in >> the >> IIS security tab. All IPs that don't get listed get sent as an error. >> This >> does cause those attempts to show up in the event manager, and logs >> still, >> but since IIS isn't offering them an opportunity to log in, they can't >> get >> in through any amount of brute forcing. >> >> A side bonus is, you get slightly more stuff in the log concerning the >> passwords (with some of the bots, that dont stop upon the errors and >> rather >> keep spitting the passwords they are trying. >> >> "greg gallager" <greggallager@discussions.microsoft.com> wrote in message >> news:31FB9882-9AA0-4555-B4EC-2E6C7F69970D@microsoft.com... >> > Hi all, >> > >> > I'm sick and tired of all the attempts by hackers to connect to our >> > companys >> > FTP server. I want to switch to 50020 and 50021 for example. We do >> > use a >> > firewall appliance and have enabled TCP connections for the new ports. >> > >> > I created a second FTP site using the new ports. >> > >> > From a client I can log in to the new site as follows: >> > >> > C:\>ftp >> > ftp>open ourftpserver 50021 >> > >> > the login and password are entered then my welcome message is >> > displayed. >> > >> > I can issue a CD command, however I cannot issue an LS command or GET >> > command. Well I can issue them but the response is... >> > >> > ftp>get fileIwanted.exe >> > 500 Invalid PORT Command. >> > 150 Opening ASCII mode data connection for fileIwanted.exe (1081344 >> > bytes). >> > >> > And then I (at the client) freeze up. Same with the LS. >> > >> > Not sure where to go from here. >> > >> > Thanks in advance. >> > >> > -- >> > greg gallager >> > gallid assoc inc >> >>
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |