FTP Issues with customers, looking for some insight
(OP)
Hello all,
I have a ton of questions and will try and pile all of them in this one post but feel free to answer any of them that you may know the answer to. They will all be related to FTP in one way or another as I have reached the end of things I can think of to try. Thanks to all who take the time to read and post.....
So I have created a Windows Server 2016 VM with FTP server enabled on it. It is hiding behind our business firewall with the firewall only allowing ports 20, 21 and 23000-30000 as passive ports. Only US IPs are allowed to it and any outside the US IPs are hard coded to bypass in with those ports. Everything else is blocked. I have the IP and passive ports set in IIS. Have all of the users and folders set up as needed. It seems to work fine for all of the people that are accessing it. It has XML/CSV files of our product catalog, an images folder for our clients to import into their website, and one folder for them to add files. Everyone is accessing it either via a browser, FileZilla, or PHP calls. We started having an issue with two clients stating that they could upload files most of the time but it would randomly not be able to do so without any error codes. I tried watching the traffic with Wireshark and all I see is that the connection just stops talking, no END packet, no more ACK packets, nothing. It just stops conversing. Since the business FW is in between it and the internet I tried disabling the Windows FW to see if it was causing any issues and the issue persisted. Tried checking the connection settings and increased timeouts but no dice.
So I decided to see if our business FW was causing the issue intermittently and made an exact copy of this VM and put it on the Internet side of our FW, restricted FTP to connect only from one IP that was having issues, and only enabled the same ports through the Windows FW but it has the exact same issue. I made an Ubuntu VSFTPD server from scratch and put it on the outside of our business FW but it had the exact same issue. The only thing I can think of is that they have a firewall between our servers and wherever they are calling the FTP request from and it is messing with things. If you have any ideas as to what could be causing it, please comment.
That led me down two different question paths as I don't know what else to try FTP-wise. One being: is the server "safe" outside in the internet with only those ports open and isolated to FTP traffic only coming in from one IP? Since all you can do over ports 20, 21 is FTP and IIS won't allow any other IP address to connect I feel that is locked down. Even if they spoof that particular IP they need creds to get in. My main question is having ports 23000-30000 open. I don't have any other program installed on there that uses those ports other than being the passive ports for FTP. So I'm assuming this means they are "safe" as there really isn't anything to talk to on those ports on the server.
The second question I had was what other alternatives to FTP should I be looking into? What is being used out in the real world? This isn't super sensitive data on the FTP server but obviously would rather it not fall into the "wrong" hands. Saw there was something called AS2 but that sounds like a nightmare to get other super small companies to deal with as there is setup on their end too. Feel free to offer other suggestions.
Thanks all!
Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
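The assumption in the post above, that nothing except the FTP service listens on the ports the firewall rule exposes (20, 21 and 23000-30000), can be checked on the server from `netstat -ano` output. The following is an added example, not part of the original post; the netstat sample is constructed, and the function names and the FTP service PID (1432) are assumptions.

```python
import re

PASSIVE_RANGE = range(23000, 30001)  # passive port range given in the post
CONTROL_PORTS = {20, 21}             # FTP ports allowed by the same firewall rule

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:23417          0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:27015          0.0.0.0:0              LISTENING       5120
  TCP    127.0.0.1:23999        0.0.0.0:0              LISTENING       5120
  TCP    [::]:21                [::]:0                 LISTENING       1432
  TCP    10.0.0.5:23417         203.0.113.7:51544      ESTABLISHED     1432
"""

# Local address, local port and owning PID of a listening TCP socket.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), int(m.group(3))


def audit(netstat_text, ftp_pid):
    """Return listeners on firewall-exposed ports that are not the FTP service."""
    findings = []
    for addr, port, pid in listeners(netstat_text):
        exposed = port in PASSIVE_RANGE or port in CONTROL_PORTS
        loopback = addr in ("127.0.0.1", "[::1]")  # not reachable from outside
        if exposed and not loopback and pid != ftp_pid:
            findings.append((addr, port, pid))
    return findings


if __name__ == "__main__":
    # ftp_pid is an assumption; on a real host take it from the FTP service.
    for addr, port, pid in audit(SAMPLE_NETSTAT, ftp_pid=1432):
        print(f"unexpected listener {addr}:{port} owned by PID {pid}")
```

Running this on a schedule matters more than running it once, because software installed later can bind a port inside the open range without any firewall change.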
RE: FTP Issues with customers, looking for some insight
LoPath
Maintain HiPath 4000 V5 & V6, OpenScape Xpert V4 & V6, OpenScape Xpressions V7, OpenScape Contact Center V8, OpenScape Voice V9
RE: FTP Issues with customers, looking for some insight
Thoughts?
RE: FTP Issues with customers, looking for some insight
"Box Platform enables you to use Box as the content management platform for your entire business, helping content flow seamlessly across every part of your organization. With our easy-to-use APIs, you can integrate Box with other apps and systems, run scripts to manage content, users or settings in Box programmatically, and interact with content in Box as part of your custom workflows and processes."
LoPath