Troubleshooting guide

Chapter 7 Troubleshooting Security Servers and Content Security
Resolving Common FTP security server problems
Advanced Technical Reference Guide 4.1 June 2000 69
Reducing the MTU on the FireWall should help the situation. The FireWall will then require the server to
fragment the packets into smaller pieces, avoiding this problem. If the application does not allow its packets
to be fragmented, it will not work with encryption.
See the SecureKnowledge Solution (ID: 33.0.241016.2462650) in the Check Point Technical Services site
FTP PASV vulnerability:
The FTP PASV vulnerability arises when the parsing of FTP control connections by VPN-1/FireWall-1 is
manipulated via the MTU. VPN-1/FireWall-1 opens the data connection to the port named in what it takes to be
the server's PASV (227) reply. By manipulating the MTU, a client can arrange for a server reply that echoes
client-controlled data (for example, an in.ftpd error message) to be split so that one packet begins with a forged
227 reply. The PASV port number, as processed by VPN-1/FireWall-1, is then associated with the port number of
a service with a known security issue (such as a ToolTalk port vulnerability on an unpatched Solaris 2.6
system), and the client is allowed through to it. This enables the client to exploit the server's vulnerability
(i.e., an in.ftpd that returned client-controlled data in an error message, combined with a possibly unnecessary
service, ToolTalk, running on the host) to gain root access on the machine.
This vulnerability was reported to Bugtraq on Wednesday, February 9, 2000 by John MacDonald of
DataProtect.
For a solution see http://www.checkpoint.com/techsupport/alerts/pasvftp.html
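To make the parsing weakness concrete, the following is an added example (it is not Check Point code and is not taken from the advisory): a naive inspector that, like the behaviour described above, treats any control-channel packet beginning with "227 " as the server's PASV reply, beside an inspector that reassembles the control channel and only parses complete, CRLF-terminated replies. The packets, the address 10.0.0.5 and the port number are constructed for illustration; the forged reply is a 550 error that echoes a client-supplied argument and has been split into two segments at the forged "227 (" text.

```python
import re

# RFC 959 PASV reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
# The pattern is anchored to the start of whatever it is handed.
PASV_RE = re.compile(rb"^227 [^\r\n]*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def pasv_endpoint(text: bytes):
    """Return (host, port) if `text` begins with a 227 PASV reply, else None."""
    m = PASV_RE.match(text)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    return (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)


def naive_inspect(packets):
    """Per-packet inspection: any packet whose payload starts with a 227 reply
    is taken as the server's PASV answer, and that port would be opened."""
    return [ep for ep in (pasv_endpoint(p) for p in packets) if ep]


class ReplyStreamInspector:
    """Reassemble the control channel and parse only complete replies.

    A reply is a CRLF-terminated line; an RFC 959 multi-line reply opens with
    'xyz-' and closes with a line starting 'xyz '. Only a complete 227 reply
    line (or the closing line of a multi-line one) can open a port.
    """

    def __init__(self):
        self.buf = b""
        self.opened = []
        self.multiline_code = None

    def feed(self, data: bytes):
        self.buf += data
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            self._handle_line(line)
        return self.opened

    def _handle_line(self, line: bytes):
        if self.multiline_code is not None:
            if not line.startswith(self.multiline_code + b" "):
                return                       # continuation line of a multi-line reply
            self.multiline_code = None       # closing line: fall through and parse it
        elif len(line) >= 4 and line[:3].isdigit() and line[3:4] == b"-":
            self.multiline_code = line[:3]   # opening line of a multi-line reply
            return
        ep = pasv_endpoint(line)
        if ep:
            self.opened.append(ep)


# Constructed traffic (not a capture). The client issued a command whose argument
# was padding followed by "227 (10,0,0,5,11,185)"; the server echoed that argument
# in a 550 error reply. With a small MTU the reply travels in two segments, and
# the second segment happens to begin with the forged 227 text.
LEGIT_PACKETS = [b"227 Entering Passive Mode (10,0,0,5,11,185)\r\n"]
FORGED_REPLY = b"550 " + b"A" * 60 + b"227 (10,0,0,5,11,185): No such file or directory\r\n"
SPLIT_AT = FORGED_REPLY.index(b"227 (")
FORGED_PACKETS = [FORGED_REPLY[:SPLIT_AT], FORGED_REPLY[SPLIT_AT:]]


def compare(packets):
    """Return (naive_result, stream_result) for one control-channel exchange."""
    return naive_inspect(packets), ReplyStreamInspector().feed(b"".join(packets))


if __name__ == "__main__":
    print("legit :", compare(LEGIT_PACKETS))
    print("forged:", compare(FORGED_PACKETS))
```

Both inspectors accept the genuine 227 reply; only the per-packet inspector accepts the forged one, because the stream-aware inspector sees a single 550 reply line whose text merely contains "227 (".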
PORT command is blocked
If the FTP security server is active, you may encounter a problem in which the PORT command is blocked even
though you have modified the macro NOTSERVER_TCP_PORT in the base.def file.
To overcome this, do the following:
1. Add the following line to the :props section of the $FWDIR/conf/objects.C file on the
management station:
:ftp_dont_check_random_port (true)
2. Configure the file aftpd.conf.
See the SecureKnowledge Solution (ID: 10022.0.2917673.2504701) in the Check Point Technical Services site.
FTP commands being blocked by the FTP Security Server
When the user issues one of the commands "get", "put", "delete", "mkdir" or "rename", the FTP security
server issues a PWD command in order to obtain the full path and write it to the log. The FTP server responds
to the PWD command with a "257" reply, which according to RFC 959 must contain the absolute path in double
quotes. When the path is not put in quotes (as the RFC requires), the command entered by the user is blocked
by the FTP Security Server.
See the SecureKnowledge Solution (ID: 10022.0.123051.2372308) in the Check Point Technical Services site.
PWD command is not enabled on the FTP server
When the FTP security server is enabled, issuing one of the commands "get", "put", "delete", "mkdir" or
"rename" causes the FTP security server to issue a PWD command. The PWD command must therefore be
enabled on the server; otherwise the connection is dropped.
See the SecureKnowledge Solution (ID: 3.0.143507.2194044) in the Check Point Technical Services site.
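As an added illustration of the two PWD-related problems above (this is not Check Point code, and the decision model is a simplification of the behaviour the text describes), the following parses a 257 reply under the quoting rules of RFC 959 Appendix II, where the pathname is enclosed in double quotes and a double quote inside the pathname is written twice, and shows why an unquoted 257 reply, or no 257 reply at all, leaves the security server without a path to log. The sample replies are constructed.

```python
def parse_257_path(reply: str):
    """Extract the pathname from a '257 "<path>" commentary' reply.

    RFC 959 (Appendix II) requires the path in double quotes, with any double
    quote inside the path written twice. Returns None when the reply does not
    carry a correctly quoted path.
    """
    if not reply.startswith("257 ") or not reply[4:].startswith('"'):
        return None
    body = reply[5:]
    chars = []
    i = 0
    while i < len(body):
        c = body[i]
        if c == '"':
            if body[i + 1:i + 2] == '"':   # doubled quote -> literal quote
                chars.append('"')
                i += 2
                continue
            return "".join(chars)          # closing quote reached
        chars.append(c)
        i += 1
    return None                            # quote never closed


def security_server_decision(pwd_reply: str):
    """Simplified model of the described behaviour when the security server
    sends PWD before get/put/delete/mkdir/rename.

    Returns ("drop", None) when the server does not answer PWD with a 257,
    ("block", None) when the 257 reply lacks a quoted path, and
    ("allow", path) when the full path can be logged.
    """
    if not pwd_reply.startswith("257"):
        return ("drop", None)
    path = parse_257_path(pwd_reply)
    if path is None:
        return ("block", None)
    return ("allow", path)


# Constructed replies, one per case discussed in the text.
SAMPLE_REPLIES = {
    "conforming":    '257 "/home/alice" is current directory.',
    "quote_in_path": '257 "/home/al""ice" is current directory.',
    "unquoted":      "257 /home/alice is current directory.",
    "pwd_disabled":  "502 Command not implemented.",
}

if __name__ == "__main__":
    for name, reply in SAMPLE_REPLIES.items():
        print(f"{name:14s} -> {security_server_decision(reply)}")
```

A quick check of a server's behaviour is to open a plain FTP session and issue PWD by hand: a reply of the form 257 "/path" ... is what the security server expects; an unquoted path or a non-257 reply corresponds to the two symptoms described above.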
Site names beginning with a digit
The FTP Security Server has a problem reaching sites whose host name starts with a digit, such as
3ftp.3com.com. This should be fixed in FireWall-1 4.0 SP7.
See the SecureKnowledge Solution (ID: 10043.0.5311843.2582690) in the Check Point Technical Services site.