Harsh but fair

Open source chicanery and the battle with my inner geek

FTP Bounce 227 = 22_ means SmartDefence not so Smart

Posted by raetsel on August 17, 2007

A quick update to my post about using Python to test FTP. I am indebted to Kevin for his comment on that post saying that he found the issue was related to the FTP Bounce protection in the Checkpoint SmartDefence product.

Kevin jogged my memory to say that our Network Security team did find that the change made to the firewall that broke my FTP service was the enabling of the FTP Bounce protection. Having looked up what FTP Bounce is, it does indeed seem like something that should be protected against, but clearly there seems to be a problem with the SmartDefence implementation of it. At present FTP Bounce protection is turned off and my FTP service has been fine since.

I haven’t quite got to the bottom of how SmartDefence ends up corrupting ports with a 4th quad of 227 but it appears to be related to the fact that 227 is the status message for an FTP server entering passive mode.

This is all way beyond my area of expertise so I will leave it at that, other than to say if you get strange FTP behaviour check out if you are protecting against FTP Bounce with SmartDefence.
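One way to spot this kind of rewriting from the client side, as an added example that is not from the original post or from Checkpoint: parse each 227 reply and compare the data endpoint it advertises with the address of the control connection. It assumes the corruption shows up in the address/port tuple of the 227 reply; the reply strings and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227[ -].*?(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

def parse_pasv(reply):
    """Return (host, port) advertised by a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a well-formed 227 reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return host, port

def check_pasv(reply, control_peer):
    """Return a list of findings; an empty list means the reply is consistent."""
    try:
        host, port = parse_pasv(reply)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    # A data endpoint on another host is what bounce checks are meant to
    # refuse, and also what a mangled reply looks like to the client.
    if ipaddress.ip_address(host) != ipaddress.ip_address(control_peer):
        findings.append("data host %s differs from control peer %s"
                        % (host, control_peer))
    if port < 1024:
        findings.append("data port %d is in the privileged range" % port)
    return findings

if __name__ == "__main__":
    peer = "192.0.2.10"  # constructed: address the control connection went to
    samples = [          # constructed replies, not captured traffic
        "227 Entering Passive Mode (192,0,2,10,195,80)",
        "227 Entering Passive Mode (192,0,2,227,195,80)",
        "227 Entering Passive Mode (192,0,2,10,0,21)",
        "227 Entering Passive Mode (192,0,2,10,195)",
    ]
    for line in samples:
        print(line, "->", check_pasv(line, peer) or "ok")
```

Running it on replies logged both inside and outside the firewall shows on which side the tuple changes.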
