We have an FTP server where we've disabled active FTP , so we often get complaints from users about being unable to use the server. Normally we just reply to specifically use passive mode, but we recently got a complaint from a user with a snippet of his output of the ftp client where he specifically mentions passive ftp and still gets a 550.
I set detailed logging on my vsftpd server using these parameters in the vsftpd.conf
log_ftp_protocol=YES
xferlog_std_format=NO
and started monitoring the vsftpd.log file.
It started showing me that despite the client showing me an output saying that the PASV command was issued, it was reaching us as PORT. On further investigation , we figured out that the person was using an ftp proxy and it was probably modifying the commands.
No comments:
Post a Comment