Re: Problem using alternate port range
- From: "Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 31 Dec 2007 10:57:05 +0800
Does it work if you revert to the default port 21/20?
FTP Error: 500 Invalid PORT Command
http://support.microsoft.com/?id=281193
--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/
"greg gallager" <greggallager@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4DBCAF82-A05B-43C3-AE14-16F9D068EDFB@xxxxxxxxxxxxxxxx
If you are suggesting
ftp>PASV
that comes back as an invalid command
--
greg gallager
gallid assoc inc
".._.." wrote:
Try switching to passive mode (or forcing it as I think it's called on the CMD FTP.exe). The active mode might be defaulting back to the old port range (which is probably not being used by the server or blocked by your security devices). Active mode uses some other ports aside from 21.
I am not sure I'd count on the change you are making solving 100% of those problems though. Some of that stuff is botnets, but some of it isn't, and the stuff that isn't will find your FTP services anyway. In trade, you have to muck about with getting your users to put different numbers in the ports (at the very least).
My solution to the problem was to leave it on the default port, but make some good documentation/scripts to let staff add IPs to the "allowed list" in the IIS security tab. All IPs that don't get listed get sent as an error. This does cause those attempts to show up in the event manager, and logs still, but since IIS isn't offering them an opportunity to log in, they can't get in through any amount of brute forcing.
A side bonus is, you get slightly more stuff in the log concerning the passwords (with some of the bots, that don't stop upon the errors and rather keep spitting the passwords they are trying).
"greg gallager" <greggallager@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:31FB9882-9AA0-4555-B4EC-2E6C7F69970D@xxxxxxxxxxxxxxxx
Hi all,
I'm sick and tired of all the attempts by hackers to connect to our company's FTP server. I want to switch to 50020 and 50021 for example. We do use a firewall appliance and have enabled TCP connections for the new ports.
I created a second FTP site using the new ports.
From a client I can log in to the new site as follows:
C:\>ftp
ftp>open ourftpserver 50021
the login and password are entered then my welcome message is displayed.
I can issue a CD command, however I cannot issue an LS command or GET command. Well I can issue them but the response is...
ftp>get fileIwanted.exe
500 Invalid PORT Command.
150 Opening ASCII mode data connection for fileIwanted.exe (1081344 bytes).
And then I (at the client) freeze up. Same with the LS.
Not sure where to go from here.
Thanks in advance.
--
greg gallager
gallid assoc inc
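An added example, not part of any post in this thread and not IIS code: how an active-mode PORT argument decodes, and how a server that only accepts a data address equal to the control connection's source address would answer it. The policy, the sample addresses and every reply text other than "500 Invalid PORT Command." are assumptions; the thread does not confirm that this is the cause of the error above.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("PORT needs six comma-separated decimal fields")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("each PORT field must be 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    # The data port is sent as two bytes: high byte first, then low byte.
    return ip, nums[4] * 256 + nums[5]

def check_port_command(line, control_peer_ip):
    """Reply of a hypothetical strict server to one PORT line.

    Assumed policy: the data address must equal the address the control
    connection arrives from, and the data port must be unprivileged.
    """
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    try:
        ip, port = parse_port_arg(arg)
    except ValueError:
        return "501 Syntax error in PORT argument."  # constructed reply text
    if ip != ipaddress.IPv4Address(control_peer_ip) or port < 1024:
        return "500 Invalid PORT Command."
    return "200 PORT command successful."  # constructed reply text

# Constructed sample: a client at 192.168.1.50 behind NAT, seen by the
# server as 203.0.113.7 (documentation address range).
SERVER_SEES = "203.0.113.7"
UNTRANSLATED = "PORT 192,168,1,50,19,137"  # private address left in the payload
TRANSLATED = "PORT 203,0,113,7,19,137"     # address rewritten by an FTP-aware firewall

def demo():
    """Return the replies for the untranslated and translated commands."""
    return [check_port_command(c, SERVER_SEES) for c in (UNTRANSLATED, TRANSLATED)]

if __name__ == "__main__":
    for cmd, reply in zip((UNTRANSLATED, TRANSLATED), demo()):
        print(cmd, "->", reply)
```
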