[thelist] Seeking a Better FTP Client (Hershel Robinson)

Phil info at webdisplays.com
Thu Jul 19 14:31:11 CDT 2001


>  15. Seeking a Better FTP Client (Hershel Robinson)
>From: "Hershel Robinson" <hershelsr at yahoo.com>
>
>I am working with a certain Host company which has their FTP server set to
>timeout after 300 seconds if I don't upload or download a file.  
>
>2 Can someone explain to me what this host's concern is about?  All the
>other hosts with which I have worked accepted the NOOP and I can stay
>connected for hours at a time.
>
I would look for a better host, rather than bother with it, or just put up
with it. Hog telnetless megahosts like xo.com started this sort of nonsense
which is due to them having many thousands of pissant coupla page sites on
horridly overloaded IIS servers. If one has thousands of potential users,
one has to boot idlers off the line to retain some connectivity. Most FTP
daemons can only support a limited number of users. Most IIS thingys rely
on crippled FP extensions to provide second rate uploading. You get what
you pay for!

I would be very, very suspicious about this site's prime time connectivity.
If they have overloaded the server this badly it is likely to offer very
slow, poor performance during peak traffic periods.

On the other hand 300 seconds NTT (5 minutes) is still reasonably generous!
It doesn't make a lot of sense to stay connected while you're making a coffee!

You may also try other NOOPs like HELP and random switching from Binary to
ASCII or pwd or REST 0 commands. Pay careful attention to which commands
are being understood and which are not (STAT and dir are some of these). If
all else fails, forget the SKA random commands (cuteftp) and just reconnect
after a few seconds. Sometimes these random commands can lock up the app at
a bad time.

You might only need this sort of connection if you are debugging a complex
set of poorly written cgi scripts, but not for html coding, surely...

The real security problem is from essentially insecure IIS servers that
basically have no useful sort of telnet security, nor any sort of owner
level executable security for any scripting that runs in the lamedoze
environment.  This has nothing to do with FTP NTT settings. Even 1 minute
of unauthorized access is enough to worm any IIS thingy, and lately hackers
have needed breathtakingly little to do it. 

Windoze 2k-xp scary and unnecessary full sockets support promises to be an
awful lot of new fun with them. It may be necessary for them to resort to
lame "Webshell" interfaces to try to limit access to these dangerously
insecure 2K/XP-IIS servers.

Now why would anybody need to spoof generated syn packets?

Phil Stark
http://www.webdisplays.com
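
Added example, not part of the original post: a small Python reader for FTP control-channel replies that sorts keepalive candidates (NOOP, PWD, TYPE, REST 0, HELP, STAT) into understood and not understood by reply code. The transcript and the function names are constructed for illustration; the reply codes follow RFC 959.

```python
import re

# Constructed transcript (not captured from a real server): the command
# sent and the raw reply text that came back on the control channel.
SAMPLE_SESSION = [
    ("NOOP", "500 'NOOP': command not understood.\r\n"),
    ("PWD", '257 "/htdocs" is current directory.\r\n'),
    ("TYPE A", "200 Type set to A.\r\n"),
    ("REST 0", "350 Restarting at 0. Send STORE or RETRIEVE.\r\n"),
    ("HELP", "214-The following commands are recognized:\r\n"
             " USER PASS PWD TYPE REST STAT\r\n"
             "214 Direct comments to ftp-admin.\r\n"),
    ("STAT", "502 Command not implemented.\r\n"),
    ("PWD", "421 Timeout (300 seconds): closing control connection.\r\n"),
]

def final_code(reply):
    """Return the 3-digit code of an RFC 959 reply, single- or multi-line."""
    lines = reply.splitlines()
    m = re.match(r"(\d{3})([ -])", lines[0]) if lines else None
    if not m:
        raise ValueError("malformed FTP reply: %r" % reply)
    code, sep = m.groups()
    # "NNN-" opens a multi-line reply; it must be closed by a "NNN " line.
    if sep == "-" and not any(l.startswith(code + " ") for l in lines[1:]):
        raise ValueError("unterminated multi-line reply")
    return int(code)

def classify(code):
    if code == 421:            # service closing the control connection
        return "disconnected"
    if code in (500, 502):     # unrecognized / not implemented
        return "not understood"
    if 200 <= code < 400:      # completed, or intermediate (e.g. 350)
        return "accepted"
    return "refused"

def survey(session):
    """Return (command, outcome) pairs in the order they were sent."""
    return [(cmd, classify(final_code(reply))) for cmd, reply in session]

if __name__ == "__main__":
    for cmd, outcome in survey(SAMPLE_SESSION):
        print("%-7s %s" % (cmd, outcome))
```

An "accepted" reply only shows that the server parsed the command. Whether it also reset the idle timer shows up later, as in the last sample entry, where a previously accepted PWD is answered with 421.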
 



