From: Sumit (sumit.kumar@comcast.net)
Date: Mon May 30 2005 - 19:49:54 GMT-3
A "lab" solution would be to match ACL with TCP ports greater than 1023.
I remember seeing it somewhere.....
----- Original Message -----
From: "simon hart" <simon.hart@btinternet.com>
To: <ccielab@groupstudy.com>
Sent: Monday, May 30, 2005 5:04 PM
Subject: Rate Limiting FTP
> All,
>
> If one is asked to rate limit FTP then how is this achieved if the FTP
> sessions are Passive.
>
> My understanding is that with passive FTP random ports will be created for
> the source and destination ports. These ports are communicated via the FTP
> control session on port 21.
>
> Now if I classify my traffic using an ACL, and I use the keyword FTP, then
> it is only matching the control traffic on port 21. If I choose the
> ftp-data option then I shall be using port 20, but that is for Active
> sessions and I am keen to rate limit passive sessions.
>
> If I use NBAR, my understanding is that NBAR will only match on the control
> channel, is this correct? If that is the case then there is no way to match
> and thus rate limit a passive FTP data channel using either of these
> methods.
>
> Any help appreciated
>
> Simon
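The "match TCP ports greater than 1023" approach from the reply above, written out as an added Cisco IOS MQC example that is not part of this thread: it classifies the FTP control channel with NBAR and the passive data channel with an extended ACL on high ports, then polices each class. The ACL, class-map and policy-map names, the interface FastEthernet0/0 and the CIR values are assumed for illustration.

```cisco
! NBAR classification (match protocol) requires CEF to be enabled
ip cef
!
! Passive FTP data: both endpoints use ephemeral (>1023) TCP ports,
! negotiated over the port 21 control session. Port 20 (ftp-data)
! only appears in active mode, so it is not matched here.
ip access-list extended PASV-FTP-DATA
 permit tcp any gt 1023 any gt 1023
!
! Control channel: NBAR keyword ftp matches TCP port 21
class-map match-all FTP-CONTROL
 match protocol ftp
!
! Data channel: fall back to the high-port ACL
class-map match-all PASV-FTP-DATA
 match access-group name PASV-FTP-DATA
!
! Police each class; rates are assumed example values
policy-map RATE-LIMIT-FTP
 class FTP-CONTROL
  police cir 64000 conform-action transmit exceed-action drop
 class PASV-FTP-DATA
  police cir 256000 conform-action transmit exceed-action drop
!
interface FastEthernet0/0
 service-policy input RATE-LIMIT-FTP
```

The ACL is deliberately coarse: every TCP flow whose source and destination ports are both above 1023 lands in the PASV-FTP-DATA class, not just FTP data, so the policer also throttles unrelated high-port traffic. Check the per-class counters with `show policy-map interface FastEthernet0/0` after applying the policy to see exactly which traffic is being caught.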
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:03 GMT-3