"Attack" of turing.suse.de

Support knowledgebase (cg_aktiveftp)
Applies to

SuSE Linux: All versions

Symptom

According to your firewall log entries, the computer turing.suse.de tries to set up a connection from the TCP port 20 to one of your computers. You fear this might be the attack of a hacker.

Cause

First basic rule: don't panic. You have probably tried to download data from turing.suse.de. Actually, turing.suse.de is the German FTP server of the company SuSE.

If you are using an active FTP, the FTP server will establish a connection to your client once the client has sent the command PORT. This PORT command precedes each utilizable data communication via ftp and is even used when the directory contents of the server are displayed.

By means of the PORT command, the FTP client signalizes that it accepts data on a certain TCP/IP port. Since the FTP client is started with normal user permissions, the reception port is a port larger than 1024.

Most package filter firewalls regard this connection setup as an unauthorized connection attempt from the outside, thus blocking it. Mostly, this attempt is also logged. As a result of this blockage, the ftp transmission does not work. Even though you can login, neither a listing of the directory contents nor a file transfer take place.

Solution

The ftp protocol has its origin in the initial days of the Internet, when safety aspects did not play a significant role yet. Meanwhile there is an extension of the ftp protocol, the so-called passive ftp.

Always use passive ftp. In the case of command line-oriented clients, you can usually switch from the active to the passive mode with the passive command.

References

For further information on the ftp protocol, refer to the respective, on line available RFCs:


See also:
o SuSE Linux from Internet

Keywords: ACTIVE, FTP, TURING, FIREWALL, CONNECTION ESTABLISHMENT, PASSIVE

Categories: Internet

SDB-cg_aktiveftp, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 18. Jun 2002
SuSE Linux AG - Last generated: 26. Jun 2002 by ip (sdb_gen 1.40.0)