From: John Matus (john_matus@hotmail.com)
Date: Mon Jun 20 2005 - 18:15:33 GMT-3
i'm a bit confused how you would filter active ftp vs. passive ftp. both
sessions initiate on the server's port 21 so i can see how you could filter
with:
access-l 100 deny tcp host 1.1.1.1 host 1.1.1.2 eq ftp
but when you get to the data part of the session it seems that you would
only be able to block active mode ftp with:
access-l 100 deny tcp host 1.1.1.1 host 1.1.1.2 eq ftp-data
where the port is 20. is this correct? is there another way to block passive mode ftp?
i suppose you could just block port 21 in either scenario and that would
stop the command portion of the session so the data would be a moot point.
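
Added example, not part of the original message: a small Python model of how the FTP data port is negotiated on the control channel (the PORT command and the 227 reply of RFC 959), and of whether a destination-port-only ACL like the two entries quoted above would see that port. It assumes 1.1.1.1 is the client and 1.1.1.2 the server, that the server uses its default data port 20 in active mode, and that the ACL sits in the client-to-server direction; the sample lines, port numbers and function names are constructed for illustration.

```python
import re

# Constructed sample control-channel lines (addresses taken from the post's
# ACLs: 1.1.1.1 = client, 1.1.1.2 = server). Port numbers are made up.
SAMPLE = [
    "USER anonymous",
    "PORT 1,1,1,1,19,137",                         # active: client listens on 5001
    "227 Entering Passive Mode (1,1,1,2,195,80)",  # passive: server listens on 50000
]

# h1,h2,h3,h4,p1,p2 as used by both PORT and the 227 reply (RFC 959).
_HOSTPORT = re.compile(
    r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def data_channel(line):
    """Return (mode, listener_ip, listener_port) negotiated by this line, or None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"
    elif line.startswith("227 "):
        mode = "passive"
    else:
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:          # each field is one octet; reject malformed input
        return None
    return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def client_to_server_dport(mode, listener_port):
    """Destination port on client->server packets of the data connection."""
    # Active: the server connects out from its data port (assumed default 20),
    # so the client's replies go to port 20. Passive: the client connects to
    # the port the server announced in its 227 reply.
    return 20 if mode == "active" else listener_port

def hit_by_static_acl(dport, denied_ports=(21, 20)):
    """Model of the two deny entries above: match on destination port only."""
    return dport in denied_ports

if __name__ == "__main__":
    for line in SAMPLE:
        ch = data_channel(line)
        if ch:
            dport = client_to_server_dport(ch[0], ch[2])
            print(ch, "client->server dport", dport, "denied:", hit_by_static_acl(dport))
```
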