

The File Transfer Protocol, defined by RFC 114 and updated by RFCs 141, 171, 172, 265 and others, communicates data in a way that makes it very hard to wrap: more than one port is opened. The client connects to the server, and the server connects back to the client over a second channel. This allows for separate data and control channels, and makes it much harder for the wrapper to function. If the wrapper opens a connection to the server on behalf of the client, the server will try to connect back to the wrapper's IP address for the data channel. This channel would not be line-oriented, so it would have to be dealt with using a different strategy.
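To make the difficulty concrete, the sketch below shows the extra work a line-oriented wrapper would take on for the data channel: spotting the control-channel line in which the client names its data endpoint, substituting its own address, and remembering where to relay the raw bytes. It is an added example, not code from the original document or from the wrapper it describes; the `PORT h1,h2,h3,h4,p1,p2` syntax is the one given in RFC 959, and the function names, addresses and port are assumptions chosen for illustration.

```python
import re

# PORT argument per RFC 959: h1,h2,h3,h4,p1,p2 (six decimal bytes).
PORT_RE = re.compile(r"^PORT[ ]+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)

def parse_port(line):
    """Return (ip, port) if the control-channel line is a valid PORT command, else None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def format_port(ip, port):
    """Build a PORT command line announcing ip:port as the data endpoint."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address")
    return "PORT %s,%d,%d\r\n" % (",".join(octets), port // 256, port % 256)

def rewrite_control_line(line, wrapper_ip, wrapper_port):
    """Hypothetical per-line hook for a wrapper sitting between client and server.

    Returns (line_to_send_to_server, client_data_endpoint_or_None). When the
    second item is set, the wrapper must also accept the server's connection on
    wrapper_ip:wrapper_port and relay raw (not line-oriented) bytes to the client.
    """
    endpoint = parse_port(line)
    if endpoint is None:
        return line, None  # ordinary command: pass through unchanged
    return format_port(wrapper_ip, wrapper_port), endpoint

# Constructed sample session; addresses are documentation ranges, not from the page.
SAMPLE = ["USER anonymous\r\n", "PORT 192,0,2,10,19,137\r\n", "RETR file.bin\r\n"]

def demo():
    return [rewrite_control_line(l, "198.51.100.5", 40000) for l in SAMPLE]

if __name__ == "__main__":
    for out, endpoint in demo():
        print(repr(out), endpoint)
```

Only the second sample line is rewritten; every such line obliges the wrapper to run a second, binary relay alongside its line-by-line control handling.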

The author recommends that all administrators wishing to protect their FTP daemons against DoS and buffer overflow attacks set up the ProFTPD package, available for different Unix platforms, as it is currently the most secure freely available FTP server.

Gunnar Wolf