
ftp error: "Possible PASV port theft".

zzz_3
New Member

Hi,

We have a program that talks to the ftpd daemon (sends
commands to ftpd and sets it to work in passive mode) to
arrange a background ftp job between two HPUX w/s. It
works fine when running on HPUX 10.20.

Now we are migrating to HPUX 11i, and the program is
not working anymore. During the process of ftp, we
noticed an error message that we believe is output from
ftpd, it says something like "Possible PASV port theft,
cannot open data connection". If we copy another
version of ftpd over to HPUX 11i, then it is working fine
again.

So it seems to us the ftpd daemon on HPUX 11i has
introduced some new security features that block the way we
are currently using it. Is this right?

Does anyone have any idea what is happening here? Is
there any system setup/configuration so that we can
disable this kind of security checking? Or do we have
to change our code?

Our project is kind of stuck here, so really thanks a lot
for your help.

Quintin
Ralf Hildebrandt
Valued Contributor

Re: ftp error: "Possible PASV port theft".

http://www.securityportal.com/cover/coverstory20000814.html

Rather use rsync over ssh, which offers far more security (encryption, compression, authentication) and speed (compression, incremental transfer).
Postfix/BIND/Security/IDS/Scanner, you name it...
Andreas D. Skjervold
Honored Contributor

Re: ftp error: "Possible PASV port theft".

Hi
Ran into the same problem when porting from Solaris to HP-UX11i, and couldn't get things running.
Tried on a HP-UX11.0 box and it worked. So this is definitely a 11i issue.

We're for now running with the old ftpd, but would very much like this to work with the 11i daemon.

I'll be checking into this, and will keep an eye on this thread.

Andreas
Only by ignoring what everyone thinks is important can you be aware of what everyone ignores!
Andreas D. Skjervold
Honored Contributor

Re: ftp error: "Possible PASV port theft".

This solution we got from HP:
---
The HP ftpd server is returning the 425 response because the source ip
address used to open the ftp control connection is not the same as the ip
address supplied for the data connection, so the connection is refused.

Note: error 425 == Possible PASV port theft, cannot open data connection.

This is one of the possible security problems described internally as
JAGad12040 and fixed in PHNE_21936.

You will also notice when you remove patch PHNE_21936 everything should work
as before because by removing it, you remove the security features. But, it
should be better to check the workaround below.


Workaround:
-----------

The workaround is to run ftpd(1M) with the -P option to enable third party
transfer.
Please check the ftp statement in /etc/inetd.conf to see if the -P option is
used.
---

Andreas
Only by ignoring what everyone thinks is important can you be aware of what everyone ignores!
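The 425 decision HP describes and the -P workaround, as an added example (not code from HP, from this thread, or from the ftpd source): a small Python model of the address comparison between control and data connection, plus an audit of the ftp line in inetd.conf that tells a defender whether the port-theft protection is still in effect. The ftpd path in the constructed sample line is an assumption.

```python
import ipaddress
import shlex

# Constructed samples of an /etc/inetd.conf ftp service line (HP-UX style).
# The server path is an assumption for this example, not taken from the thread.
INETD_CONF_DEFAULT = "ftp  stream tcp nowait root /usr/lbin/ftpd ftpd -l\n"
INETD_CONF_THIRD_PARTY = "ftp  stream tcp nowait root /usr/lbin/ftpd ftpd -l -P\n"

# Reply text as quoted in the thread (error 425).
PORT_THEFT_REPLY = "425 Possible PASV port theft, cannot open data connection."


def ftpd_third_party_enabled(inetd_conf_text):
    """Return True if the ftp service line hands ftpd the -P (third party) flag.

    inetd.conf fields: service socktype proto wait user server [args...].
    Comment and blank lines are skipped; the first ftp line wins.
    """
    for raw in inetd_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)
        if len(fields) < 6 or fields[0] != "ftp":
            continue
        return "-P" in fields[6:]
    return False


def pasv_data_connection_check(control_peer_ip, data_peer_ip, third_party=False):
    """Model of the check in the HP reply (a model, not HP's ftpd code).

    The host that opened the control connection must also be the one that
    connects to the PASV data port, unless third party transfer (-P) is on.
    Returns (accepted, reply): reply is the 425 line on refusal, else None.
    """
    same_host = ipaddress.ip_address(control_peer_ip) == ipaddress.ip_address(data_peer_ip)
    if same_host or third_party:
        return True, None
    return False, PORT_THEFT_REPLY


def audit_ftpd(inetd_conf_text):
    """Defender's view: say whether the PASV port-theft protection is in effect."""
    if ftpd_third_party_enabled(inetd_conf_text):
        return "ftpd -P set: third party transfers allowed, PASV port-theft check disabled"
    return "ftpd without -P: data connection must come from the control connection's address"
```

Running `audit_ftpd` over the real /etc/inetd.conf shows at a glance whether the workaround has been applied, and therefore whether the patched check no longer protects the data port.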