[isapros] Re: Texas FTP

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: <isapros@xxxxxxxxxxxxx>
• Date: Mon, 26 Mar 2007 08:09:13 -0700

"550 Failed to change directory." is not the problem.
This is expected, since there is no way for ISA to discern a directory from a 
file of the same name.
Thus, it attempts to CD to the full path as specified in the URL, and if that 
fails, it backs off to the last "/", looking for the end of the path and 
assumes that the remaining must be a file name.
ISA performs a CD to the truncated path, and then issues a a BIN, followed by a 
RETR for the file.
 
What is the NAT device between the ISA and the Internet?
Does it properly translate the PORT command?
Is it possibly blocking the illegal SYN packets that the FTP server sends?
The only way to know is to place a host on the public side (doesn't need an IP) 
and use NetMon in promiscuous mode to snag all the packets.

________________________________

From: isapros-bounce@xxxxxxxxxxxxx on behalf of Amy Babinchak
Sent: Sat 3/24/2007 9:27 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Texas FTP



From the SmartFTP client. Same error.

[12:26:08] SmartFTP v2.0.1000.3
[12:26:08] Resolving host name "ftp.dot.state.tx.us"
[12:26:08] Connecting to 204.64.21.7 Port: 21
[12:26:08] Connected to ftp.dot.state.tx.us.
[12:26:08] 220 "Welcome to TxDOT FTP service."
[12:26:08] USER anonymous
[12:26:08] 331 Please specify the password.
[12:26:08] PASS (hidden)
[12:26:08] 230-                                   License Agreement
[12:26:08] 230-                                                    
[12:26:08] 230-
[12:26:08] 230-BY DOWNLOADING FILES FROM THIS FTP SERVICE, YOU ARE
AGREEING TO THIS LICENSE AGREEMENT
[12:26:08] 230-
[12:26:08] 230-The Texas Department of Transportation (TxDOT) does not
provide technical support with
[12:26:08] 230-respect to these files.  You must read the following
disclaimer and accept its terms
[12:26:08] 230-as a prerequisite to the use of these files.
[12:26:08] 230-
[12:26:08] 230-1.  TxDOT makes no warranty of any kind, express or
implied, with respect to any file.
[12:26:08] 230-    TxDOT makes no warranty that any file is marketable
or fit for any particular purpose.
[12:26:08] 230-    A description of a file shall not be deemed to create
an express warranty that the file
[12:26:08] 230-    conforms to that description.  You agree to accept
the files in the format provided.
[12:26:08] 230-
[12:26:08] 230-2.  You assume all risk and liability for any losses,
damages, claims, or expenses resulting
[12:26:08] 230-    from the use or possession of any file.
[12:26:08] 230-
[12:26:08] 230-3.  You agree to indemnify, defend, and hold harmless
TxDOT and its officers, agents, and
[12:26:08] 230-    employees from and against any and all claims, suits,
losses, damages, or costs, including
[12:26:08] 230-    reasonable attorney's fees, arising from or by reason
of your use or possession of any file.
[12:26:08] 230-    This indemnification shall survive your acceptance of
any file.
[12:26:08] 230-
[12:26:08] 230-4.  Revisions or additions may occur at any time.  You
agree to indemnify, defend, and hold harmless
[12:26:08] 230-    TxDOT and its officers, agents, and employees from
and against any and all claims, suits, losses,
[12:26:08] 230-    damages, or costs, including reasonable attorney's
fees, arising from the use of outdated files. 
[12:26:08] 230-    This indemnification shall survive your acceptance of
any file.
[12:26:08] 230-
[12:26:08] 230-5.  The files are copyrighted by TxDOT and may not be
resold without the express written consent of TxDOT.
[12:26:08] 230-
[12:26:08] 230-
[12:26:08] 230 Login successful.
[12:26:08] SYST
[12:26:08] 215 UNIX Type: L8
[12:26:08] Detected Server Type: UNIX
[12:26:08] FEAT
[12:26:08] 211-Features:
[12:26:08]  EPRT
[12:26:08]  EPSV
[12:26:08]  MDTM
[12:26:08]  PASV
[12:26:08]  REST STREAM
[12:26:08]  SIZE
[12:26:08]  TVFS
[12:26:08] 211 End
[12:26:08] PWD
[12:26:08] 257 "/"
[12:26:08] CWD /pub/txdot-info/cmd/cserve/notice/apr07.exe
[12:26:08] 550 Failed to change directory.




-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Thor (Hammer of God)
Sent: Saturday, March 24, 2007 12:17 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Texas FTP

In her dump, it said "failed to change directories" before switching to
binary mode... something's up there..

t

----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: <isapros@xxxxxxxxxxxxx>
Sent: Saturday, March 24, 2007 9:08 AM
Subject: [isapros] Re: Texas FTP


Works fine:

C:\>ftp
ftp://ftp.dot.state.tx.us/pub/txdot-info/cmd/cserve/notice/apr07.exe
Unknown host
ftp://ftp.dot.state.tx.us/pub/txdot-info/cmd/cserve/notice/apr07.exe.
ftp> open
To ftp.dot.state.tx.us
Connected to ftp.dot.state.tx.us.
220 "Welcome to TxDOT FTP service."
User (ftp.dot.state.tx.us:(none)): anonymous
331 Please specify the password.
Password:
230-                                   License Agreement
230-
230-
230-BY DOWNLOADING FILES FROM THIS FTP SERVICE, YOU ARE AGREEING TO THIS
LICENSE AGREEMENT
230-
230-The Texas Department of Transportation (TxDOT) does not provide
technical support with
230-respect to these files.  You must read the following disclaimer and
accept its terms
230-as a prerequisite to the use of these files.
230-
230-1.  TxDOT makes no warranty of any kind, express or implied, with
respect to any file.
230-    TxDOT makes no warranty that any file is marketable or fit for
any particular purpose.
230-    A description of a file shall not be deemed to create an express
warranty that the file
230-    conforms to that description.  You agree to accept the files in
the format provided.
230-
230-2.  You assume all risk and liability for any losses, damages,
claims, or expenses resulting
230-    from the use or possession of any file.
230-
230-3.  You agree to indemnify, defend, and hold harmless TxDOT and its
officers, agents, and
230-    employees from and against any and all claims, suits, losses,
damages, or costs, including
230-    reasonable attorney's fees, arising from or by reason of your
use or possession of any file.
230-    This indemnification shall survive your acceptance of any file.
230-
230-4.  Revisions or additions may occur at any time.  You agree to
indemnify, defend, and hold harmless
230-    TxDOT and its officers, agents, and employees from and against
any and all claims, suits, losses,
230-    damages, or costs, including reasonable attorney's fees, arising
from the use of outdated files.
230-    This indemnification shall survive your acceptance of any file.
230-
230-5.  The files are copyrighted by TxDOT and may not be resold without
the express written consent of TxDOT.
230-
230-
230 Login successful.
ftp> cd pub
250-                                   License Agreement
250-
250-
250-BY DOWNLOADING FILES FROM THIS FTP SERVICE, YOU ARE AGREEING TO THIS
LICENSE AGREEMENT
250-
250-The Texas Department of Transportation (TxDOT) does not provide
technical support with
250-respect to these files.  You must reade the following disclamer and
accept its terms
250-as a prerequisite to the use of these files.
250-
250-1.  TxDOT makes no warranty of any kind, express or implied, with
respect to any file.
250-    TxDOT makes no warranty that any file is marketable or fit for
any particular purpose.
250-    A description of a file shall not be deemed to create an express
warranty that the file
250-    conforms to that description.  You agree to accept the files in
the format provided.
250-
250-2.  You assume all risk and liability for any losses, damages,
claims, or expenses resulting
250-    from the use or posession of any file.
250-
250-3.  You agree to indemnify, defend, and hold harmless TxDOT and its
officers, agents, and
250-    employees from and against any and all claims, suits, losses,
damages, or costs, including
250-    reasonable attorney's fees, arising from or by reason of your
use or possession of any file.
250-    This indemnification shall survive your acceptance of any file.
250-
250-4.  Revisions or additions may occur at any time.  You agree to
indemnify, defend, and hold harmless
250-    TxDOT and its officers, agents, and employees from and against
any and all claims, suits, losses,
250-    damages, or costs, including resonable attorney's fees, arising
from the use of outdated files.
250-    This indemnification shall survive your acceptance of any file.
250-
250-5.  The files are copyrighted by TxDOT and may not be resold without
the express written consent of TxDOT
250-
250 Directory successfully changed.
ftp> cd txdot-info
250 Directory successfully changed.
ftp> cd cmd
250 Directory successfully changed.
ftp> cd cserve
250 Directory successfully changed.
ftp> cd notice
250 Directory successfully changed.
ftp> get apr07.exe
200 PORT command successful. Consider using PASV.
150 Opening ASCII mode data connection for apr07.exe (139458 bytes).
226 File send OK.
ftp: 140018 bytes received in 0.05Seconds 2979.11Kbytes/sec.
ftp> bye
221 Goodbye.

C:\>

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)



> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> Sent: Saturday, March 24, 2007 9:59 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Texas FTP
>
> I have a client that needs to download contractor
> instructions from the
> Texas DOT. Client says that he used to be able to download
> FTP documents
> but that the State says they performed some "upgrades" and
> now he can't
> download FTP documents. "We haven't had many complaints." --- TX DOT.
> It's a www site. Then you click the link and it attempts to
> download the
> file using FTP in your browser. Which means we're stuck using
> IE as the
> FTP client.
>
> If you'd like to try it for yourself go to:
> http://www.dot.state.tx.us/business/outline.htm
> Under Pre-Letting - Highways, click on Notice to Contractors
> Click on Official Notice for April 2007 Letting (this is the FTP
> download)
>
>
> Firewall client installed on workstation. FTP allow rule in place in
> ISA. Using or not using the FTP filter = no download. This message
> occurs in the browser on the workstation.
>
> ISA Server: extended error message :
> 200 Switching to Binary mode.
> 200 PORT command successful. Consider using PASV.
> 425 Failed to establish connection.
>
> In the ISA logs I have only an FTP Allowed connection to this
> server. No
> denied packets.
>
> In a Network Monitor session from my PC with Firewall Client
> installed I
> only see the HTTP Get command after that nothing.
>
> In a Network Monitor session from my server running ISA, I have these
> packets:
>
> 96 5.315429 192.168.16.27 192.168.16.4 HTTP
> HTTP: Request, GET
> ftp://ftp.dot.state.tx.us/pub/txdot-info/cmd/cserve/notice/apr07.txt
> 98 5.315429 172.25.25.2 141.198.136.6 DNS
> DNS: QueryId = 0x3F3C, QUERY (Standard query), Query  for
> ftp.dot.state.tx.us of type Host Addr on class Internet
> 99 5.362304 141.198.136.6 172.25.25.2 DNS
> DNS: QueryId = 0x3F3C, QUERY (Standard query), Response - Success
> 100 5.362304 172.25.25.2 ns.dot.state.tx.us
> DNS DNS: QueryId = 0x3F3C, QUERY (Standard query), Query  for
> ftp.dot.state.tx.us of type Host Addr on class Internet
> 101 5.424804 ns.dot.state.tx.us 172.25.25.2
> DNS DNS: QueryId = 0x3F3C, QUERY (Standard query), Response -
> Success
> 102 5.424804 172.25.25.2 ftp.dot.state.tx.us
> TCP TCP: Flags=.S......, SrcPort=10581, DstPort=FTP control(21),
> Len=0, Seq=881058913, Ack=0, Win=65535 (scale factor 0) = 0
> 103 5.534179 192.168.16.4 192.168.16.27 TCP
> TCP: Flags=....A..., SrcPort=HTTP Alternate(8080),
> DstPort=1482, Len=0,
> Seq=1532377929, Ack=3696189552, Win=65282 (scale factor 0) = 0
> 106 5.471679 ftp.dot.state.tx.us 172.25.25.2
> TCP TCP: Flags=.S..A..., SrcPort=FTP control(21), DstPort=10581,
> Len=0, Seq=3243607039, Ack=881058914, Win=5840 (scale factor 0) = 0
> 107 5.471679 172.25.25.2 ftp.dot.state.tx.us
> TCP TCP: Flags=....A..., SrcPort=10581, DstPort=FTP control(21),
> Len=0, Seq=881058914, Ack=3243607040, Win=65535 (scale factor 0) = 0
> 108 5.534179 ftp.dot.state.tx.us 172.25.25.2
> FTP FTP: Response to Port 10581, '220  "Welcome to TxDOT FTP
> service."'
> 109 5.534179 172.25.25.2 ftp.dot.state.tx.us
> FTP FTP: Request from Port 10581,'USER anonymous'
> 110 5.581054 ftp.dot.state.tx.us 172.25.25.2
> TCP TCP: Flags=....A..., SrcPort=FTP control(21), DstPort=10581,
> Len=0, Seq=3243607077, Ack=881058930, Win=5840 (scale factor 0) = 0
> 111 5.581054 ftp.dot.state.tx.us 172.25.25.2
> FTP FTP: Response to Port 10581, '331  Please specify the password.'
> 112 5.581054 172.25.25.2 ftp.dot.state.tx.us
> FTP FTP: Request from Port 10581,'PASS IEUser@'
> 113 5.581054 24.231.162.80 172.25.25.2 SSL
> SSL
> 114 5.627929 24.231.162.80 172.25.25.2 SSL
> SSL
> 115 5.627929 172.25.25.2 24.231.162.80 TCP
> TCP: Flags=....A..., SrcPort=HTTPS(443), DstPort=53299, Len=0,
> Seq=3284276696, Ack=4236227266, Win=65404 (scale factor 0) = 0
> 116 5.627929 24.231.162.80 172.25.25.2 SSL
> SSL
> 117 5.627929 172.25.25.2 24.231.162.80 SSL
> SSL
> 118 5.627929 ftp.dot.state.tx.us 172.25.25.2
> FTP FTP: Response to Port 10581, '230 -
> License Agreement'
> 119 5.643554 ftp.dot.state.tx.us 172.25.25.2
> FTP FTP: Response to Port 10581, '230 -
> '
> 120 5.643554 172.25.25.2 ftp.dot.state.tx.us
> TCP TCP: Flags=....A..., SrcPort=10581, DstPort=FTP control(21),
> Len=0, Seq=881058944, Ack=3243607186, Win=65389 (scale factor 0) = 0
> 121 5.706054 ftp.dot.state.tx.us 172.25.25.2
> FTP FTP: Response to Port 10581, '230 -'
> 122 5.706054 ftp.dot.state.tx.us 172.25.25.2
> FTP FTP: Response to Port 10581,'230 -    damages, or costs,
> including reasonable attorney's fees, arising from the use of outdated
> files.  '
> 123 5.706054 172.25.25.2 ftp.dot.state.tx.us
> TCP TCP: Flags=....A..., SrcPort=10581, DstPort=FTP control(21),
> Len=0, Seq=881058944, Ack=3243608991, Win=65535 (scale factor 0) = 0
> 124 5.706054 172.25.25.2 ftp.dot.state.tx.us
> FTP FTP: Request from Port 10581,'CWD
> /pub/txdot-info/cmd/cserve/notice/apr07.txt'
> 125 5.752929 172.25.25.2 24.231.162.80 TCP
> TCP: Flags=....A..., SrcPort=HTTPS(443), DstPort=53299, Len=0,
> Seq=3284276696, Ack=4236227463, Win=65207 (scale factor 0) = 0
> 126 5.752929 ftp.dot.state.tx.us 172.25.25.2
> FTP FTP: Response to Port 10581, '550  Failed to change directory.'
> 127 5.752929 172.25.25.2 ftp.dot.state.tx.us
> FTP FTP: Request from Port 10581,'TYPE I'
> 128 5.815429 ftp.dot.state.tx.us 172.25.25.2
> FTP FTP: Response to Port 10581, '200  Switching to Binary mode.'
> 129 5.815429 172.25.25.2 ftp.dot.state.tx.us
> FTP FTP: Request from Port 10581,'PORT 172,25,25,2,41,86'
> 130 5.862304 ftp.dot.state.tx.us 172.25.25.2
> FTP FTP: Response to Port 10581, '200  PORT command successful.
> Consider using PASV.'
> 131 5.862304 172.25.25.2 ftp.dot.state.tx.us
> FTP FTP: Request from Port 10581,'RETR
> /pub/txdot-info/cmd/cserve/notice/apr07.txt'
>
>
> The question at hand is, is this a problem with the way ISA is set up,
> or is the a problem with the FTP site? I have my thoughts but I would
> like yours.
>
> Thanks,
>
> Amy
>
>
>








All mail to and from this domain is GFI-scanned.

• References:
  • [isapros] Re: Texas FTP
    • From: Thor \(Hammer of God\)
  • [isapros] Re: Texas FTP
    • From: Amy Babinchak

Other related posts:

• » [isapros] Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP
• » [isapros] Re: Texas FTP

1. Home
2. isapros
3. Archive
4. 03-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---