Weird Problem - List hanging after succeeding

This forum is for anyone experiencing problems related to their firewall settings. More specifically, anyone experiencing connection issues should take a look at this forum.
Tornado
Senior User
Posts: 234
Joined: Tue Jun 08, 2004 9:39 am
Location: Australia

Post by Tornado » Thu Aug 30, 2007 10:15 pm

Problem
After successfully connecting to the server by an external computer using PASV mode and browsing a few directories successfully, the connection will freeze on a LIST command, causing the user to be disconnected and an attempt to re-connect initiates.

Configuration
CerberusFTP Server 2.45
Windows Vista Ultimate

Router
Port forward 21 - 21
Port forward range 1025 - 3500
UPNP disabled
NAT enabled

CerberusFTP
Detect WAN IP on startup = on (resolves to router's external IP)
Interface 192.168.1.2 set to autodetect (server already knows external IP from autodetect)
Other interfaces detected

FTP Client (used by remote PC)
SecureFX

Software Firewall (enabled)
Kaspersky Internet Security 7.0.0.125

Server Log
Aug 31 11:31:30 Attempting to detect WAN IP...
Aug 31 11:31:30 WAN IP detected as x.x.x.x

Aug 31 11:31:30 Vendor: GenuineIntel
Aug 31 11:31:30 CPU: Intel Core 2
Aug 31 11:31:30 Number of Processors: 2
Aug 31 11:31:30 Operating System: Microsoft Windows Vista
Aug 31 11:31:30 Additional Info: (Build 6000)

Aug 31 11:31:30 Cerberus FTP Server started
Aug 31 11:31:30 Local Host: x


Aug 31 11:31:30 Local Interface 0 located at fe80::1c8a:1183:3f57:fefd%10
Aug 31 11:31:30 Listening on Port 21

Aug 31 11:31:30 Local Interface 3 located at 192.168.1.2
Aug 31 11:31:30 Listening on Port 21

Aug 31 11:31:30 Local Interface 4 located at 2001:0:4136:e390:1c8a:1183:3f57:fefd
Aug 31 11:31:30 Listening on Port 21

Aug 31 11:31:35 0 Incoming connection request on interface 192.168.1.2
Aug 31 11:31:35 0 Connection request accepted from x.x.x.x
Aug 31 11:31:35 0 USER x
Aug 31 11:31:35 0 331 User x, password please
Aug 31 11:31:35 0 PASS ***********
Aug 31 11:31:35 0 230 Password Ok, User logged in
Aug 31 11:31:35 0 SYST
Aug 31 11:31:35 0 215 UNIX Type: L8
Aug 31 11:31:35 0 PWD
Aug 31 11:31:35 0 257 "/" is the current directory
Aug 31 11:31:35 0 TYPE A
Aug 31 11:31:35 0 200 Type ASCII
Aug 31 11:31:35 0 PASV
Aug 31 11:31:35 0 227 Entering Passive Mode (x,x,x,x,4,2)
Aug 31 11:31:35 0 LIST
Aug 31 11:31:35 0 150 Opening data connection
Aug 31 11:31:35 0 226 Transfer complete
Aug 31 11:31:42 0 CWD /x
Aug 31 11:31:42 0 250 Change directory ok
Aug 31 11:31:42 0 PASV
Aug 31 11:31:42 0 227 Entering Passive Mode (x,x,x,x,4,3)
Aug 31 11:31:42 0 LIST
Aug 31 11:31:42 0 150 Opening data connection
Aug 31 11:31:42 0 226 Transfer complete
Aug 31 11:31:43 0 CWD /x
Aug 31 11:31:43 0 250 Change directory ok
Aug 31 11:31:43 0 PASV
Aug 31 11:31:43 0 227 Entering Passive Mode (x,x,x,x,4,4)
Aug 31 11:31:43 0 LIST
Aug 31 11:31:43 0 150 Opening data connection
Aug 31 11:31:43 0 226 Transfer complete
Aug 31 11:31:44 0 PWD
Aug 31 11:31:44 0 257 "/x" is the current directory
Aug 31 11:31:44 0 CWD /x
Aug 31 11:31:44 0 250 Change directory ok
Aug 31 11:31:44 0 CWD /x
Aug 31 11:31:44 0 250 Change directory ok
Aug 31 11:31:44 0 PASV
Aug 31 11:31:44 0 227 Entering Passive Mode (x,x,x,x,4,5)
Aug 31 11:31:45 0 LIST x.x
Aug 31 11:31:56 1 Incoming connection request on interface 192.168.1.2
Aug 31 11:31:56 1 Connection request accepted from x.x.x.x
Aug 31 11:31:56 1 USER x
Aug 31 11:31:56 1 331 User x, password please
Aug 31 11:31:56 1 PASS ***********
Aug 31 11:31:56 1 230 Password Ok, User logged in
Aug 31 11:31:56 1 CWD /x
Aug 31 11:31:56 1 250 Change directory ok
Aug 31 11:31:56 1 TYPE A
Aug 31 11:31:56 1 200 Type ASCII
Aug 31 11:31:56 1 PASV
Aug 31 11:31:56 1 227 Entering Passive Mode (x,x,x,x,4,6)
Aug 31 11:31:56 1 LIST
Aug 31 11:31:56 1 150 Opening data connection
Aug 31 11:31:56 1 226 Transfer complete
Aug 31 11:31:57 1 CWD /x
Aug 31 11:31:57 1 250 Change directory ok
Aug 31 11:31:57 1 PASV
Aug 31 11:31:57 1 227 Entering Passive Mode (x,x,x,x,4,7)
Aug 31 11:31:57 1 LIST
Aug 31 11:31:57 1 150 Opening data connection
Aug 31 11:31:57 1 226 Transfer complete
Aug 31 11:31:58 1 CWD /x
Aug 31 11:31:58 1 250 Change directory ok
Aug 31 11:31:58 1 PASV
Aug 31 11:31:58 1 227 Entering Passive Mode (x,x,x,x,4,8)
Aug 31 11:31:58 1 LIST
Aug 31 11:31:58 1 150 Opening data connection
Aug 31 11:31:58 1 226 Transfer complete
Aug 31 11:31:58 1 CWD /x
Aug 31 11:31:58 1 250 Change directory ok
Aug 31 11:31:58 1 PASV
Aug 31 11:31:58 1 227 Entering Passive Mode (x,x,x,x,4,9)
Aug 31 11:31:58 1 LIST
Aug 31 11:31:58 1 150 Opening data connection
Aug 31 11:31:58 1 226 Transfer complete
Aug 31 11:31:59 1 CWD /x
Aug 31 11:31:59 1 250 Change directory ok
Aug 31 11:31:59 1 PASV
Aug 31 11:31:59 1 227 Entering Passive Mode (x,x,x,x,4,10)
Aug 31 11:31:59 1 LIST
Aug 31 11:32:59 2 Incoming connection request on interface 192.168.1.2
Aug 31 11:32:59 2 Connection request accepted from x.x.x.x
Aug 31 11:32:59 2 USER x
Aug 31 11:32:59 2 331 User x, password please
Aug 31 11:32:59 2 PASS ***********
Aug 31 11:33:03 2 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times
Aug 31 11:33:08 2 QUIT
Aug 31 11:33:08 2 Connection terminated.
Aug 31 11:33:16 0 Timeout while waiting for connection
Aug 31 11:33:16 0 Unable to accept passive connection
Aug 31 11:33:16 0 425 Unable to open the data connection
Aug 31 11:33:16 0 Warning: Improperly formatted FTP message received
Aug 31 11:33:30 1 Timeout while waiting for connection
Aug 31 11:33:30 1 Unable to accept passive connection
Aug 31 11:33:30 1 425 Unable to open the data connection
Aug 31 11:33:30 1 The connection was closed by the remote socket
Aug 31 11:33:30 1 Connection terminated.
Aug 31 11:34:35 Shutting down local Interface 4 located at 2001:0:4136:e390:1c8a:1183:3f57:fefd

Aug 31 11:34:36 Shutting down local Interface 0 located at fe80::1c8a:1183:3f57:fefd%10

Aug 31 11:34:58 0 Connection timed out. Shutting down connection...
Aug 31 11:35:00 0 Connection terminated.

Failed Login Attempt Above
Probably caused by user account set to max 2 simultaneous logins.

Post by Tornado » Thu Aug 30, 2007 11:10 pm

My suspect is the Kaspersky Internet Security.

Does anyone have an idea on what is causing this issue, perhaps inside Kaspersky or CerberusFTP? Kaspersky is fully allowing all CerberusFTP TCP/UDP traffic. Kaspersky isn't showing any problems in logs and isn't revealing any notifications.

Does CerberusFTP do anything strange to force the LIST command to fail?

For example, there are some incompatibilities with some FTP clients; is there something incompatible with the scanner?

Post by Tornado » Sat Sep 01, 2007 7:53 am

New thoughts ....

The problem is now also occurring while the full Kaspersky Internet Security application is disabled.

Anyways .....

My router obtains a new dynamic IP from the ISP's DHCP server. When this IP changes on the router's external interface, CerberusFTP doesn't become aware of this change and still maintains the old IP.

At the moment, CerberusFTP is detecting x.x.83.167 (by clicking the 'Use different IP for PASV' radio button it is shown) - and possibly the IP detected on CerberusFTP application startup. However my router is reporting a new IP of x.x.54.187. This indicates that CerberusFTP no longer knows the IP of the router's external address, and hence the failure.

Is this problem correct? If so, is it by design, or simply a bug? Have I got this correct?

Post by Tornado » Sat Sep 01, 2007 10:15 am

My previous posting is definitely correct ... CerberusFTP isn't updating the IP address internally when the router obtains a new IP from the ISP's DHCP pool.

Test Conducted
1. External PC connected to FTP Server and browsed - Succeeded.
2. Forced router to allocate new IP from ISP - Succeeded.
3. External PC connected to FTP Server and browsed - Failed (Cerberus using old IP)
4. Shutdown and exit Cerberus, restart Cerberus - Succeeded.
5. External PC connected to FTP Server and browsed (Cerberus now using new IP) - Succeeded.

Packet sniffing has revealed that Cerberus (on startup) determines the external IP address of the router by connecting to a remote site. Can this occur more frequently to eliminate this problem? Better yet, provide an option for users to set the refresh time where Cerberus will reconnect to an external site to determine the latest IP address?

This explains why PASV works in the morning when I leave for work, and Cerberus has failed PASV connections in the log, by evening after work.

Previously, everything worked perfectly, perhaps until I disabled the highly insecure UPNP option within my router. The thought of having applications freely open ports/holes in the router without my explicit knowledge is a huge security problem ... unless it was another configuration option. Either way, the router is tightened down to protect against external intrusion.
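
Added example, not part of the original posts and not Cerberus code: a log audit for the failure diagnosed above, where the address advertised in the 227 reply no longer matches the router's external IP. It goes slightly beyond the thread by also checking the advertised port against the forwarded range 1025 - 3500 from the router settings. The line layout is assumed from the server log earlier in the thread, and because that log masks its addresses, the sample lines and IPs below are constructed.

```python
import re

# Assumed line layout: "<Mon> <day> <HH:MM:SS> <session id> <message>"
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} (\d+) (.*)$")
PASV = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def decode_227(msg):
    """Return the (ip, port) advertised in a 227 reply, or None."""
    m = PASV.match(msg)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = m.groups()
    return ".".join((h1, h2, h3, h4)), int(p1) * 256 + int(p2)

def audit_pasv(log_text, wan_ip, port_range=(1025, 3500)):
    """Return (session, kind, detail) findings for PASV problems."""
    lo, hi = port_range
    findings, waiting = [], set()  # waiting: sessions with an unanswered LIST
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue               # startup lines carry no session id
        sid, msg = int(m.group(1)), m.group(2)
        adv = decode_227(msg)
        if adv:
            ip, port = adv
            if ip != wan_ip:       # server still advertises an old WAN IP
                findings.append((sid, "stale-ip", ip))
            if not lo <= port <= hi:
                findings.append((sid, "port-not-forwarded", str(port)))
        elif msg.startswith("LIST"):
            waiting.add(sid)
        elif msg.startswith("150 "):
            waiting.discard(sid)   # data connection opened, LIST answered
        elif msg.startswith("425 ") and sid in waiting:
            findings.append((sid, "list-stalled", msg))
            waiting.discard(sid)
    return findings

# Constructed sample (documentation addresses), not the poster's log.
SAMPLE_LOG = """\
Sep 01 10:02:11 0 227 Entering Passive Mode (203,0,113,167,4,5)
Sep 01 10:02:12 0 LIST
Sep 01 10:03:43 0 425 Unable to open the data connection
Sep 01 10:05:00 1 227 Entering Passive Mode (198,51,100,187,19,137)
Sep 01 10:05:00 1 LIST
Sep 01 10:05:00 1 150 Opening data connection
"""
CURRENT_WAN_IP = "198.51.100.187"  # constructed: what the router reports now
```

Call `audit_pasv(SAMPLE_LOG, CURRENT_WAN_IP)` to get the findings; pass the address the router currently reports as `wan_ip`.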

linux.llama
User
Posts: 31
Joined: Wed Jun 13, 2007 3:19 am
Location: Scottsdale, AZ

Post by linux.llama » Tue Sep 18, 2007 2:13 am

Tornado,
What I use is a DNS service (DynDNS) for my IP resolution. I have a client inside the network that checks to be sure my external IP is still correct, and if it's not it updates the DNS record.
You can have Cerberus use this method as well, and it will check to be sure the name still resolves correctly every so often (I'm guessing every day, I'm not sure).
