
FTP:425 Possible PASV port theft, cannot open data connection

 
Winston Gregory
New Member


A third-party software package is running the following commands on a Solaris 9 server to an HP-UX 11.23 ftpd. I am curious if there is a patched solution for this version of HP-UX.

WRITER_1_*_1> DBG_21482 Socket [29] send FTP command: [TYPE A]
WRITER_1_*_1> DBG_21480 Socket [29] received FTP response: [200 Type set to A.]
WRITER_1_*_1> DBG_21482 Socket [29] send FTP command: [PASV]
WRITER_1_*_1> DBG_21480 Socket [29] received FTP response: [227 Entering Passive Mode (166,29,3,139,31,197)]
WRITER_1_*_1> DBG_21064 Connecting to FTP dataport.
WRITER_1_*_1> FTP_14052 Creating data connection at [166.29.3.139:8133] using socket [30].
WRITER_1_*_1> DBG_21080 Created FTP command socket [29], data socket [30]
WRITER_1_*_1> DBG_21482 Socket [29] send FTP command: [REST 0]
WRITER_1_*_1> DBG_21480 Socket [29] received FTP response: [350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer.]
WRITER_1_*_1> DBG_21482 Socket [29] send FTP command: [STOR /CFS/PRD/ftp/ms2cfsin/info/sub_paid_labor_in_c_vip]
WRITER_1_*_1> DBG_21480 Socket [29] received FTP response: [425 Possible PASV port theft, cannot open data connection.]
WRITER_1_*_1> DBG_21480 Socket [29] received FTP response: [FTP server sent terminal 4xx response code
:425 Possible PASV port theft, cannot open data connection.]
WRITER_1_*_1> CMN_1761 Timestamp Event: [Mon Nov 10 08:42:52 2008]
WRITER_1_*_1> FTP_14028 STOR /CFS/PRD/ftp/ms2cfsin/info/sub_paid_labor_in_c_vip
failed for file name [/CFS/PRD/ftp/ms2cfsin/info/sub_paid_labor_in_c_vip]
WRITER_1_*_1> FTP_14053 Closing FTP data connection with socket [30].
WRITER_1_*_1> FTP_14054 Closing FTP control connection with socket [29].
WRITER_1_*_1> DBG_21482 Socket [29] send FTP command: [QUIT]
WRITER_1_*_1> DBG_21480 Socket [29] received FTP response: [221-You have transferred 0 bytes in 0 files.]
WRITER_1_*_1> DBG_21480 Socket [29] received FTP response: [221-Total traffic for this session was 1603 bytes in 0 transfers.

The following thread is the same issue.

http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1227299854300+28353475&threadId=107643
4 REPLIES
Steven Schweda
Honored Contributor

Re: FTP:425 Possible PASV port theft, cannot open data connection

What are the IP addresses of these systems?
Any interesting network devices in between
them? (Firewalls? NAT?)
Matti_Kurkela
Honored Contributor

Re: FTP:425 Possible PASV port theft, cannot open data connection

The FTP server thinks the FTP control connection is not coming from the same host as the FTP data connection. This triggers a security feature in most new FTP server versions. (It's likely that the modern versions of Solaris do it too.)

However, since there are some legitimate reasons for this, you can use the -P option of ftpd to override the security feature. Be aware that this opens a security hole.

Edit the ftpd command line in /etc/inetd.conf to add the -P option, run "inetd -c" and try again.

MK
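
The same-host check described in the reply above, together with the 227 tuple from the question's log, as an added example that is not part of the original thread and is not HP-UX ftpd's own code: it decodes the PASV reply, models the control/data peer comparison, and pulls the affected data endpoint out of a client debug log. The function names, the `allow_mismatch` flag (a stand-in for running ftpd with the override option) and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the format of the client debug log quoted in the question.
SAMPLE_LOG = """\
WRITER_1_*_1> DBG_21482 Socket [29] send FTP command: [PASV]
WRITER_1_*_1> DBG_21480 Socket [29] received FTP response: [227 Entering Passive Mode (166,29,3,139,31,197)]
WRITER_1_*_1> DBG_21482 Socket [29] send FTP command: [STOR /tmp/constructed_example]
WRITER_1_*_1> DBG_21480 Socket [29] received FTP response: [425 Possible PASV port theft, cannot open data connection.]
"""

PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
RESPONSE_RE = re.compile(r"received FTP response: \[(.*?)\]?$")


def parse_pasv(reply):
    """Decode a 227 reply into (ip, port); the port is p1 * 256 + p2."""
    match = PASV_RE.search(reply)
    if match is None:
        raise ValueError("no 227 passive-mode tuple found")
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range 0-255")
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def data_peer_allowed(control_peer, data_peer, allow_mismatch=False):
    """Model of the check described above: the data connection must come from
    the same host as the control connection. allow_mismatch is a hypothetical
    stand-in for running ftpd with the override option."""
    same = ipaddress.ip_address(control_peer) == ipaddress.ip_address(data_peer)
    return same or allow_mismatch


def triage(log_text):
    """Return the PASV endpoint in effect for each 425 port-theft response."""
    findings, endpoint = [], None
    for line in log_text.splitlines():
        match = RESPONSE_RE.search(line)
        if match is None:
            continue
        reply = match.group(1)
        if reply.startswith("227 "):
            endpoint = parse_pasv(reply)
        elif reply.startswith("425 ") and "PASV port theft" in reply:
            findings.append(endpoint)
    return findings
```

Running `triage` over a client log gives the server address and port that each rejected transfer was told to use, which can then be compared with the addresses seen on the control connection at both ends.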
Winston Gregory
New Member

Re: FTP:425 Possible PASV port theft, cannot open data connection

To answer your question, I'm unsure of how the Solaris system is configured. The HP is configured as:

lan900: 166.29.3.138
lan900:1 166.29.3.139
lan900:2 166.29.3.140

They are set up for future Service Guard deployment using just the lan monitor, not APA. Does the passive use of ftp allow it to use any of the IPs above, i.e. control connection on one IP and the data connection on another? I would assume the request would be made to the same IP address on both counts.
Winston Gregory
New Member

Re: FTP:425 Possible PASV port theft, cannot open data connection

No NATs or firewalls to my knowledge. The Solaris system is on a different subnet, 198.7.8.195; however, there is a "clean" route to that network with only 2 hops.