RFC 959 specifies the commands that a minimum implementation

an article added by: Daniel R. at 12062007



RFC 959 specifies the commands that a minimum implementation of FTP must support, and RFC 1123 updates this list with additional commands. The implementation specified by RFC 1123 is more capable of handling communications between computers that may use different operating systems, file systems, and firewall protection. However, RFC 1123 says that computers whose operating system or file system doesn’t allow or support a command aren’t obligated to add support for it. For example, an embedded system whose file system doesn’t support subdirectories can run an FTP server that doesn’t support MKD, CWD, or other commands that manipulate directories.

In practice, which commands a system’s software needs to support depends in part on how the system will use FTP. On a PC, a user who needs to exchange files with varied FTP servers will want an FTP client application that is as capable and flexible as possible, and an FTP server that is available to varied clients will want to support a large command set. An embedded system that exchanges files only with known FTP clients or servers can have a more minimal implementation. If the transfers are only with known servers or clients and are controlled entirely by software at both ends, the commands can be known, predictable, and thus limited.

The following commands are the minimum implementation required by RFC 1123, plus EPSV and EPRT, which have additional support for IPv6 addresses. The commands included in RFC 959’s smaller subset are noted as well.

ACCT account
The ACCT command identifies a user account. A server may require an ACCT value to log on, or a system may use accounts to grant specific privileges (to store files, for example) at any time after logging on.

APPE pathname
With the APPE command, the client requests the server to append the received data to the named file if it exists, and otherwise to create the file and store the received data in it.

CDUP
The CDUP command requests to change to the current directory’s parent directory.

CWD pathname
The CWD command requests to change the working directory to the directory specified in pathname.

DELE pathname
The DELE command requests to delete the file specified in pathname on the server.

EPSV
The EPSV command requests the server to wait for the client to open the data connection instead of having the server open the connection. The server responds to this request with code 227 entering extended passive mode, followed by the port number where the server will listen for the client. The format of the response is:

Entering Extended Passive Mode (|||port_number|)

where port_number is the number of the port the server will be listening on. The recommended delimiter character is ASCII 124 (|). The first two fields are placeholders for future use and must be empty. The format is similar to the format of the argument passed with EPRT, described below. This command is defined in RFC 2428: FTP Extensions for IPv6 and NATs. Also see the PASV command. Many servers support PASV, but not EPSV.

EPRT
The EPRT command enables the client to provide an extended address for the data connection. The format of EPRT is:

EPRT |net-prt|net-addr|tcp-port|

where:

net-prt is an Address Family Number from the list maintained by IANA. IP Version 4 is 1; IP Version 6 is 2.
net-addr is the IP address. IP Version 4 addresses use dotted quad notation. IP Version 6 addresses use the representation described in RFC 2373: IP Version 6 Addressing Architecture.
tcp-port is the number of the TCP port where the host is listening for a connection.

This command is defined in RFC 2428: FTP Extensions for IPv6 and NATs. Also see the PORT command. Many servers support PORT, but not EPRT.
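The EPSV response format and the EPRT argument format described above, as an added example that is not part of the original article: a strict Python parser that rejects anything outside the stated layout (wrong field count, non-empty EPSV placeholders, an address family that does not match the address, an out-of-range port). The function names and the sample addresses and ports are constructed for illustration; the delimiter check uses the ASCII 33-126 range that RFC 2428 permits.

```python
import ipaddress

# Address Family Numbers from the text: 1 = IPv4, 2 = IPv6.
FAMILIES = {"1": 4, "2": 6}

def _fields(arg):
    """Split '<d>a<d>b<d>c<d>' on its own delimiter <d> into [a, b, c]."""
    delim = arg[:1]
    # RFC 2428 allows any printable ASCII delimiter (33-126); '|' is recommended.
    if not delim or not 33 <= ord(delim) <= 126:
        raise ValueError("bad delimiter")
    parts = arg.split(delim)
    if len(parts) != 5 or parts[0] or parts[4]:
        raise ValueError("expected exactly three delimited fields")
    return parts[1:4]

def _port(text):
    if not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 65535:
        raise ValueError("bad TCP port")
    return int(text)

def parse_eprt(arg):
    """Parse the argument of 'EPRT |net-prt|net-addr|tcp-port|'."""
    net_prt, net_addr, tcp_port = _fields(arg)
    if net_prt not in FAMILIES:
        raise ValueError("unsupported address family")
    addr = ipaddress.ip_address(net_addr)  # ValueError on a malformed address
    if addr.version != FAMILIES[net_prt]:
        raise ValueError("net-prt does not match net-addr")
    return addr, _port(tcp_port)

def parse_epsv_reply(text):
    """Return the port from '... (|||port_number|)' reply text."""
    start, end = text.find("("), text.rfind(")")
    if start == -1 or end < start:
        raise ValueError("no parenthesised argument")
    first, second, port = _fields(text[start + 1:end])
    if first or second:
        raise ValueError("placeholder fields must be empty")
    return _port(port)

if __name__ == "__main__":
    # Constructed sample values.
    print(parse_eprt("|1|132.235.1.2|6275|"))
    print(parse_eprt("|2|1080::8:800:200C:417A|5282|"))
    print(parse_epsv_reply("Entering Extended Passive Mode (|||6446|)"))
```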
