[isalist] Re: FTP Delete

• From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Wed, 31 May 2006 19:17:11 -0400

http://www.ISAserver.org
-------------------------------------------------------

Interesting but not the case here because I can delete if I log in using
my laptop from my office. While the local workstations cannot. Was worth
a shot though. I'm sure its going to be some equally as simple; just
have to spend some valuable time looking for that simple solution. Isn't
that always the way?

Amy
 



-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Wednesday, May 31, 2006 7:12 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: FTP Delete

http://www.ISAserver.org
-------------------------------------------------------
  
Actually, it's not to the point of "Let's try any God Dammed thing";
it's to the point of "get a network capture and let's see what shakes
out."

Interesting observation about the workstation name, since this isn't
part of any FTP control messaging.
I have to wonder how the server could be configured for that...

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Glenn P. JOHNSTON
Sent: Wednesday, May 31, 2006 16:06
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: FTP Delete

From what i've read on this stream, this is probably not the case, but
since it seems to be getting to 'Let's try any God Dammed thing" point,
I'll throw this in.
 
About 18 months ago, we had a similar issue, users could FTP stuff up to
the server, drag it back but no matter what we tried, under any username
/ password, deletes would only work from a single PC.
 
After looking for weeks, and the company hosting the UNIX/FTP server
denying all knowledge of anything, it turned out that the guy who
admistered the UNIX box hosting the FTP server, had allowed  delete to
occur only if originating from a specific workstation, this was the
workstation of the person who had originally signed the hosting
agreement  To this day we are not sure how he got the wworkstation name,
but some how he did, and put this into a allow delete restriction on the
FTP server.
 
We had them remove that restriction, and everything was back to normal.

________________________________

From: Jim Harrison
Sent: Thu 01/Jun/2006 08:38
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: FTP Delete


http://www.ISAserver.org
-------------------------------------------------------
  
Hmm...
Whodathunkit?
:-p 


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thor (Hammer of God)
Sent: Wednesday, May 31, 2006 15:10
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: FTP Delete

http://www.ISAserver.org
-------------------------------------------------------
  

The thing is that she uses the same FTP user account in all instances-
when she logs into the SBS/ISA box as administrator, then FTPs to the
SBC server under the shared FTP user credentials, she can do everything
she needs: RWD.
This behavior is the same when she logs in from a "direct" connection
not behind the SBS/ISA box.

However, when she logs in to the SBC FTP site under the same FTP user
credentials from an XP box, either as a normal user or the domain
administrator account, she can RW, but not delete.

This tells me that the traffic from the client is being handled
differently than the traffic from the server.  The big question is
"why?"  It can't be the FTP filter "read only" because the clients can
upload.

So, there is some rule that allows or pre-empts other rules that apply
to LocalHost that don't apply to Internal Network, or there is some
proxy config or something on the client end that horks the works.

At this point, a network trace is in order...

t


On 5/31/06 1:59 PM, "Troy Radtke" <TRadtke@xxxxxxxxxxxx> spoketh to all:

> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Have you checked file system permissions?  Since we don't know the OS,

> I'm guessing not.  That could explain write but not delete privileges,

> regardless of whatever permissions the user has on the FTP software.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Amy Babinchak
> Sent: Wednesday, May 31, 2006 3:22 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: FTP Delete
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> By server, I meant one of the local servers on site, not the FTP
server.
> Sorry for not being clear.
> 
> I don't know that OS the FTP server runs. I don't think it matters for

> this issue.
> 
> Amy
>  
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Young, Gerald G
> Sent: Wednesday, May 31, 2006 4:11 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: FTP Delete
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> What platform is it?
> 
> And I didn't quite understand what you meant when you said:
> 
> "If administrator logs into the workstation, no delete. If 
> administrator logs into the server, then delete works."
> 
> Do you mean to say that if a delete is attempted remotely it doesn't 
> work but if it's attempted on the server it works fine?
> 
> You say that it's the same FTP login credentials for all users.
> 
> If it works for you but not someone else, might the restriction be 
> based off of source IP?
> 
> Cordially yours,
> Jerry G. Young II
>   MCSE (4.0/W2K)
> Atlanta EES Implementation Team Lead
> ECNS Microsoft Engineering
> Unisys
>  
> 11493 Sunset Hills Rd.
> Reston, VA 20190
> Office: 703-579-2727
> Cell: 703-625-1468
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE 
> PROPRIETARY MATERIAL and is thus for use only by the intended 
> recipient. If you received this in error, please contact the sender 
> and delete the e-mail and its attachments from all computers.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Amy Babinchak
> Sent: Wednesday, May 31, 2006 4:05 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: FTP Delete
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> The FTP site is not a Windows 2003 server.
> 
> Amy
>  
> 
> 
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Young, Gerald G
> Sent: Wednesday, May 31, 2006 3:50 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: FTP Delete
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Amy,
> 
> If the users are getting a 550 access denied error that indicates to 
> me that traffic is passing between the client and server just fine.
> I'd look at the permissions on the particular file that they are 
> attempting to delete.
> 
> If the server is Windows 2003, you can open up properties on the file 
> in question, flip over to the security tab, hit the advanced button, 
> then flip to the effective permissions tab, plug in the user in 
> question and see what their effective permissions are for that file.
> 
> A lot of people will miss specific deny permissions on files, which 
> will take precedence over any allow permissions.
> 
> Cordially yours,
> Jerry G. Young II
>   MCSE (4.0/W2K)
> Atlanta EES Implementation Team Lead
> ECNS Microsoft Engineering
> Unisys
>  
> 11493 Sunset Hills Rd.
> Reston, VA 20190
> Office: 703-579-2727
> Cell: 703-625-1468
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE 
> PROPRIETARY MATERIAL and is thus for use only by the intended 
> recipient. If you received this in error, please contact the sender 
> and delete the e-mail and its attachments from all computers.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Amy Babinchak
> Sent: Wednesday, May 31, 2006 3:14 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] FTP Delete
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> I have a client whose FTP site is hosted by SBC. Local users are 
> unable to delete files on the FTP site. They get a 550 access denied
error.
> We've tried various FTP clients and IE with the same results. All 
> local PC's are XP SP2 running the firewall client. SBC insists this is

> a local firewall issue. I'm not seeing it. Anyone think SBC's 
> diagnosis has any merit? The only thing that has me questioning myself

> is that if I log onto the server as administrator and attempt to 
> delete from the FTP site, I can.
> 
> I have loads of successful FTP connections and only 2 denied packets 
> in the last 24 hours. They look like this:
>  
> Original Client IP Client Agent Authenticated Client Service Server 
> Name Referring Server Destination Host Name Transport MIME Type Object

> Source Source Proxy Destination Proxy Bidirectional Client Host Name 
> Filter Information Network Interface Raw IP Header Raw Payload Source 
> Port Processing Time Bytes Sent Bytes Received Result Code Cache 
> Information Log Record Type Log Time Destination IP Destination Port 
> Protocol Action Rule Client IP Client Username Source Network 
> Destination Network HTTP Method URL Error Information HTTP Status Code
> 70.229.250.114 -   SVCTAG-H442T91  -
> TCP   - -  -  -
> - - 1540 0 0 0 0xc0040017
> FWX_E_TCP_NOT_SYN_PACKET_DROPPED 0x0 Firewall
> 5/31/2006 9:25:26 AM 68.142.234.92 21 FTP Denied Connection -
> 70.229.250.114 - Local Host External 0x0 Amy
>  
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » [isalist] FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete
• » [isalist] Re: FTP Delete

1. Home
2. isalist
3. Archive
4. 05-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---