Great Circle Associates Firewalls
(June 1997)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Allowed SideWinder FTP Proxy Commands
From: arager @ mcgraw-hill . com
Date: Tue, 10 Jun 97 16:07:33 -0500
To: <firewalls @ greatcircle . com>
Cc: <bill . stout @ hidata . com>

     
     Bill Stout was interested in compiling a list of allowed commands in 
     specific proxies....I think this is a great idea!  
     
     -- Bill-- Here's some info for your list about Secure Computing Corp's 
     SideWinder Firewall and allowed FTP proxy commands.
     
     Will try to also compile a list of which proxies are 'generic' 
     proxies, and what controls the specific proxies place on sessions 
     [time permitting of course]. Offhand, the POP3, WHOIS, AOL, gopher, 
     SSL, and NNTP proxies seem to be 'generic'. [--Secure Computing--feel 
     free to contribute anything that will help the rest of us understand 
     your product better!]
     
     
     I think these are the commands that SCC's SideWinder 3.0.1 will allow 
     thru a transparent FTP proxy. [tested and snarfed from SideWinder 
     V3.0.1 patchlevel 1 FTP proxy]
     
     XRMD, XPWD, XMKD, XCWD, XCUP, USER, TYPE, SYST, STRU, STOU, STOR, 
     STAT, SMNT, SIZE, SITE, RNTO, RNFR, RMD, RETR, REST, REIN, QUIT ,PWD, 
     PORT, PASV, PASS, NOOP, NLST, MODE, MKD, MDTM, MACB, LIST, HELP, DELE, 
     CWD, CDUP, APPE, ALLO, ACCT, ABOR
     
     
     I am unsure what type of controls the proxy has on data passed along 
     with each of the commands...I don't think that it checks anything 
     other than a match of the FTP command [5char max?]....except with the 
     'user' command..'user' must also have a username parm before passing 
     off to FTP host.
     
     SCC would not reveal this info to me, so a quick 'more' of the proxy 
     shows the above commands.  All seem to be understood by the proxy 
     [even if unsupported at the dest. server]
     
     It responds with things like:
     '500 'nocmd': command not understood by Sidewinder proxy.'
     for unknown commands.
     
     Hope the info helps.
     
     Anton Rager
     Standard & Poor's Compustat
     arager @
 McGraw-Hill .
 com



Indexed By Date Previous: MS Proxy Server and SOCKS4/ mapped links/ plugs
From: Nick Keenan <nick @ gsionline . com>
Next: Re: Stateful Packet Filters vs. Proxies
From: peter @ baileynm . com (Peter da Silva)
Indexed By Thread Previous: RE: MS Proxy Server and SOCKS4/ mapped links/ plugs
From: nkeenan @ gsionline . com (Nick Keenan)
Next: Firewall-1, Multiple NICs, DMZ & NAT
From: Rick Hardy <rick @ rapid . net>

Google
 
Search Internet Search www.greatcircle.com