1827671 Members
3405 Online
109967 Solutions
New Discussion

ftp problem - with SSL

 
SOLVED
Go to solution
Mark McDonald_2
Trusted Contributor

ftp problem - with SSL

Hi all

I have just had this dropped in to my lap and do not have too much background at the minute...

We had a kermit ftp client running on hpux which all of a sudden stopped working last week. The firewall took a dislike to it :-(

Anyhow a fix has been put in place and I have been sent these details:

The firewall was operating properly, the error we were seeing from tracker indicated that from the time of failure (Thursday 7th ) the ftp ‘client’ was adding a new line character in the ftp data stream, this indicated that the ftp client was not fully RFC compliant and as a result of this the firewall was dropping the packet. This explains why all the firewalls we tested against were failing. The fix was done on the Management server and not the firewalls. This minor change basically informs the firewall that this is not an attack therefore ignoring the new line character and consequently not dropping the packet.The easier workaround would have been to change the ftp client that was RFC compliant!



What could have caused this newline character to start happening? Would a HP patch have caused it?
5 REPLIES 5
Deepak Kr
Respected Contributor

Re: ftp problem - with SSL

Is firewall you mentioned in running on same box or different one??

Anyways what is the fix you put for this issue?
"There is always some scope for improvement"
Mark McDonald_2
Trusted Contributor

Re: ftp problem - with SSL

I'm not sure what the fix was yet, still waiting for them to get back to me.

Firewall is on a separate box.
Steven Schweda
Honored Contributor
Solution

Re: ftp problem - with SSL

> [...] a kermit ftp client [...]

Not a complete description of the FTP client
software, or how it was being used. Is this
the internal-to-Kermit FTP client, or is
Kermit spawning out "ftp" commands?

C-Kermit> show versions

> [...] running on hpux [...]

Not a complete description of the OS.

> [...] stopped working [...]

Not a complete description of the problem.
What, exactly, "stopped working"? What,
exactly, did you do, and what, exactly,
happened when you did it?

> [...] I have been sent these details:

I don't understand how a firewall can know
that any particular newline character "in the
ftp data stream" is or is not "fully RFC
compliant", and not knowing exactly who is
complaining about exactly what doesn't help
matters any.

> What could have caused this newline
> character to start happening?

This might be easier to answer if we knew
anything at all about what was actually
happening. (_What_ "newline character"?
Where?)

> Would a HP patch have caused it?

Many things are possible, but it's hard (for
me) to imagine any plausible change to the
OS (whatever it is) affecting the behavior of
any FTP client this way (whatever "this way"
actually is).

Just curious: How does SSL enter into this?
Mark McDonald_2
Trusted Contributor

Re: ftp problem - with SSL

Steven

Thanks - I have passed that on to the people that dropped it on me :-) May be they will provide more info before pestering for an answer.
Mark McDonald_2
Trusted Contributor

Re: ftp problem - with SSL

.