Re: Is FTP broken in 10.4.9 ?



J.J. O'Shea <try.not.to@xxxxxxxxxxx> wrote:

On Mon, 23 Apr 2007 23:17:38 -0400, Darrell Greenwood wrote
(in article <230420072017373060%darrell.usenet6@xxxxxxxxxxxxx>):

I ask the last because my 'friendly' ISP has this policy:

1. The blocking of the following ports to inbound traffic. This
helps to secure your PC from virus and hacker activity, as well as
spam.
• TCP 21 (ftp)
• TCP 25 (smtp)
• TCP 80 (www)
• TCP 110 (pop3)
• TCP 6667 (ircd)
• TCP/UDP 135-139 (dcom and netbios)
• TCP/UDP 443 (ssl)
• TCP/UDP 445 (ms-ds)
• TCP/UDP 1433-1434 (ms-sql)

They block inbound port 80?! How can you view a web page? And ports 25, 110,
and 143 had better be open _somewhere_ on their system or you don't get
mail...

Blocking inbound port 80 means you can't run a web server on your home
computer (and expect anyone else on the Internet to be able to access
it). Blocking inbound 25 and 110 means you can't run your own mail
server. The others are similar (FTP server, IRC server, secure web
server, several Windows-specific things I'm not familiar with).

The ISP's web server and mail server will be accessible from the rest of
the Internet, and by you, so your incoming and outgoing e-mail (and
access to your mailboxes) are not affected.

Outgoing connections from your computer to the rest of the Internet are
not affected, so you will be able to access web sites (and probably
other mail servers, if you have e-mail accounts elsewhere).

These restrictions are completely pointless, except to stop people
running standard servers on their home computers. The claim that they
are to protect against viruses and hackers is misleading, as it implies
you will be safer due to these restrictions (you won't - a virus could
set up a server on a nonstandard port.) To really offer this sort of
protection, they should block all inbound ports.

--
David Empson
dempson@xxxxxxxxxxxxx
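
The distinction drawn in the post above, as an added example that is not part of the original message: a small model of the quoted inbound port blocklist next to a default-deny inbound policy. The function names, flow tuples and sample port numbers (51515, 8080, 40000-40002) are constructed for illustration.

```python
# Inbound blocklist as quoted in the thread: protocol(s), then port or range.
ISP_POLICY = """\
TCP 21
TCP 25
TCP 80
TCP 110
TCP 6667
TCP/UDP 135-139
TCP/UDP 443
TCP/UDP 445
TCP/UDP 1433-1434
"""

def parse_blocklist(text):
    """Expand 'TCP/UDP 135-139' style lines into a set of (proto, port)."""
    blocked = set()
    for line in text.splitlines():
        protos, ports = line.split()
        lo, _, hi = ports.partition("-")
        for proto in protos.lower().split("/"):
            for port in range(int(lo), int(hi or lo) + 1):
                blocked.add((proto, port))
    return blocked

def evaluate(flow, blocked, default_deny=False):
    """flow = (direction, proto, customer_port, remote_port).

    Only NEW connections arriving at the customer are filtered, and the
    match is on the customer's port. Customer-initiated connections pass,
    and their replies belong to the established connection.
    """
    direction, proto, customer_port, _remote_port = flow
    if direction == "out":
        return True
    if default_deny:
        return False
    return (proto, customer_port) not in blocked

# Constructed sample flows (not taken from the thread).
FLOWS = {
    "browse a web site": ("out", "tcp", 51515, 80),
    "home web server": ("in", "tcp", 80, 40000),
    "home mail server": ("in", "tcp", 25, 40001),
    "listener on nonstandard port": ("in", "tcp", 8080, 40002),
}

def compare():
    """Map each flow to (allowed under blocklist, allowed under default deny)."""
    blocked = parse_blocklist(ISP_POLICY)
    return {name: (evaluate(f, blocked), evaluate(f, blocked, True))
            for name, f in FLOWS.items()}
```

Only the last flow differs between the two policies: the blocklist lets it through, default deny does not.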