Anyone dealing with FTP and firewalls has to ask themselves “what were those guys smoking?” As we all know, FTP is seriously broken:
- Command and data streams use separate sessions.
- Layer-3 addresses and layer-4 port numbers are carried in layer-7 messages.
- The FTP server opens a reverse session to a dynamic port assigned by the FTP client.
Once upon a time, there was a very good reason for this weird behavior. As Marcus Ranum explained in his “Internet nails” talk at TEDx (the title is based on the “For Want of a Nail” rhyme), the original FTP program had to use two sessions because the sessions in the original (pre-TCP) Arpanet network were unidirectional. When TCP was introduced and two sessions were no longer needed, the programmer responsible for the FTP code was simply too lazy to fix it.
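The second and third bullets are exactly why a stateful firewall needs an FTP application-layer gateway: it has to read the control session, pull the address and port out of the layer-7 message, and decide whether to open a pinhole for the reverse data session. The following is an added example (not code from the original post or from any firewall product) of that inspection logic in Python. It parses the RFC 959 `PORT` command (`h1,h2,h3,h4,p1,p2`, port = p1*256 + p2) and, going one step beyond the post, the `227` passive-mode reply that carries the same encoding in the other direction. The sample control-channel lines and the addresses in them are constructed for the example; the `pinhole_decision` rule (announced address must match the peer that announced it, port must be ephemeral) is a hypothetical policy, not a reference implementation.

```python
import re

# Constructed sample of an FTP control-channel exchange (not captured traffic).
SAMPLE_CONTROL_LINES = [
    "USER alice",
    "PORT 192,0,2,10,195,80",   # client announces 192.0.2.10:50000 for the data session
    "RETR report.txt",
    "PORT 198,51,100,7,0,25",   # announced address is not the control-session client
    "PORT 192,0,2,10,999,1",    # malformed: octet out of range
]

# RFC 959 host/port encoding: four address octets followed by two port bytes.
_HOSTPORT = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT_CMD = re.compile(r"^PORT\s+" + _HOSTPORT + r"\s*$", re.IGNORECASE)
_PASV_REPLY = re.compile(r"^227\s.*\(" + _HOSTPORT + r"\)")


def decode_hostport(groups):
    """Convert the six h1..h4,p1,p2 fields into ('a.b.c.d', port), or None if invalid."""
    fields = [int(g) for g in groups]
    if any(f > 255 for f in fields):
        return None
    port = fields[4] * 256 + fields[5]
    if port == 0:
        return None
    return ".".join(map(str, fields[:4])), port


def parse_data_endpoint(line):
    """Extract the data-session endpoint announced by one control-channel line.

    Returns (kind, ip, port) where kind is 'PORT' (client tells the server where to
    connect back) or 'PASV' (server tells the client where to connect), or None if
    the line announces nothing usable.
    """
    text = line.strip()
    m = _PORT_CMD.match(text)
    if m:
        ep = decode_hostport(m.groups())
        return ("PORT", *ep) if ep else None
    m = _PASV_REPLY.match(text)
    if m:
        ep = decode_hostport(m.groups())
        return ("PASV", *ep) if ep else None
    return None


def pinhole_decision(line, announcing_peer_ip):
    """Hypothetical ALG rule: open a pinhole only when the announced address is the
    address of the peer that sent the announcement (client for PORT, server for PASV)
    and the port is in the ephemeral range. Returns (verdict, (ip, port) or None)."""
    ep = parse_data_endpoint(line)
    if ep is None:
        return ("ignore", None)
    _kind, ip, port = ep
    if ip != announcing_peer_ip:
        return ("reject", (ip, port))  # data session would go to a third host
    if port < 1024:
        return ("reject", (ip, port))  # not a dynamically assigned client port
    return ("allow", (ip, port))


def audit(lines, client_ip):
    """Run the pinhole rule over every line a client sent on the control session."""
    return [(line, *pinhole_decision(line, client_ip)) for line in lines]


if __name__ == "__main__":
    for line, verdict, ep in audit(SAMPLE_CONTROL_LINES, "192.0.2.10"):
        print(f"{verdict:7} {ep} <- {line}")
```

Running the block prints one verdict per sample line: the first `PORT` is allowed, the one naming a different host is rejected, the out-of-range one is ignored as malformed, and plain commands such as `USER` and `RETR` are ignored. This is the minimum a firewall must do to follow the layer-7 addresses the post complains about; a real ALG also has to track the reply codes and tear the pinhole down once the data session ends.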