- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- ftp error: "Possible PASV port theft".
Operating System - HP-UX
1755691
Members
3446
Online
108837
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-24-2001 05:22 AM
тАО08-24-2001 05:22 AM
ftp error: "Possible PASV port theft".
Hi,
We have a program that will talk to ftpd daemon (sends
commands to ftpd and set it to work in passive mode) to
arrange background ftp job between two HPUX w/s. It
works fine when running on HPUX 10.20.
Now we are migrating to HPUX 11i, and the program is
not working anymore. During the process of ftp, we
noticed an error message that we believe is output from
ftpd, it says something like "Possible PASV port theft,
cannot open data connection". If we copy another
version of ftpd over to HPUX 11i, then it is working fine
again.
So seems to us the ftpd daemon on HPUX 11i has
introduced some new security features to block the way we
are currently using it. Is this right?
Does anyone have any idea what is happening here? Is
there any system setup/configuration so that we can
disable this kind of security checking? or we have
to change our code?
Our project is kind of stuck here, so really thanks a lot
for your help.
Quintin
We have a program that will talk to ftpd daemon (sends
commands to ftpd and set it to work in passive mode) to
arrange background ftp job between two HPUX w/s. It
works fine when running on HPUX 10.20.
Now we are migrating to HPUX 11i, and the program is
not working anymore. During the process of ftp, we
noticed an error message that we believe is output from
ftpd, it says something like "Possible PASV port theft,
cannot open data connection". If we copy another
version of ftpd over to HPUX 11i, then it is working fine
again.
So seems to us the ftpd daemon on HPUX 11i has
introduced some new security features to block the way we
are currently using it. Is this right?
Does anyone have any idea what is happening here? Is
there any system setup/configuration so that we can
disable this kind of security checking? or we have
to change our code?
Our project is kind of stuck here, so really thanks a lot
for your help.
Quintin
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-27-2001 02:00 AM
тАО08-27-2001 02:00 AM
Re: ftp error: "Possible PASV port theft".
http://www.securityportal.com/cover/coverstory20000814.html
rather use rsync over ssh, which offers far more security (encryption, compression, authentication) and speed (compression, incremental transfer).
rather use rsync over ssh, which offers far more security (encryption, compression, authentication) and speed (compression, incremental transfer).
Postfix/BIND/Security/IDS/Scanner, you name it...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-18-2001 04:33 AM
тАО09-18-2001 04:33 AM
Re: ftp error: "Possible PASV port theft".
Hi
Ran into same problem when porting from Solaris to HP-UX11i, and couldnt get things running.
Tried on a HP-UX11.0 box and it worked. So this is definately a 11i issue.
We're for now running with the old ftpd, but would very much like this to work with the 11i daemon.
I'll be checking into this, and will keep an eye on this thread.
Andreas
Ran into same problem when porting from Solaris to HP-UX11i, and couldnt get things running.
Tried on a HP-UX11.0 box and it worked. So this is definately a 11i issue.
We're for now running with the old ftpd, but would very much like this to work with the 11i daemon.
I'll be checking into this, and will keep an eye on this thread.
Andreas
Only by ignoring what everyone think is important, can you be aware of what everyone ignores!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-05-2001 02:27 AM
тАО10-05-2001 02:27 AM
Re: ftp error: "Possible PASV port theft".
This solution we got from HP:
---
The HP ftpd server is returning the 425 response because the source ip
address used to open the ftp control connection is not the same as the ip
address supplied for the data connection, so the connection is refused.
Note: error 425 == Possible PASV port theft, cannot open data connection.
This is one of the possible security problems described internally as
JAGad12040 and fixed in PHNE_21936.
You will also notice when you remove patch PHNE_21936 everything should work
as before because by removing it, you remove the security features. But, it
should be better to check the workaround below.
Workaround:
-----------
The workaround is to run ftpd(1M) with the -P option to enable third party
transfer.
Please check the ftp statement in /etc/inetd.conf to see if the -P option is
used.
---
Andreas
---
The HP ftpd server is returning the 425 response because the source ip
address used to open the ftp control connection is not the same as the ip
address supplied for the data connection, so the connection is refused.
Note: error 425 == Possible PASV port theft, cannot open data connection.
This is one of the possible security problems described internally as
JAGad12040 and fixed in PHNE_21936.
You will also notice when you remove patch PHNE_21936 everything should work
as before because by removing it, you remove the security features. But, it
should be better to check the workaround below.
Workaround:
-----------
The workaround is to run ftpd(1M) with the -P option to enable third party
transfer.
Please check the ftp statement in /etc/inetd.conf to see if the -P option is
used.
---
Andreas
Only by ignoring what everyone think is important, can you be aware of what everyone ignores!
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP