FTP Failover

baumlerd

I am using the .NET Library to do SFTP transfer and during a PCI scan of logs they found that there was traffic going across FTP (port 21) but the program is only using SFTP (port 22). In the log files it was found that when port 22 failed it was trying to access port 21, which is disabled via the firewalls, but they are concerned as the traffic is there at all.

I tried a connection through the WinSCP GUI with logging turned on and it shows that WinSCP is "Knocking FTP port" after a failed connect on port 22.

Is there a way to stop this functionality so that it does not try port 21 after a failed port 22 connection?

. 2016-12-06 15:01:56.400 --------------------------------------------------------------------------
. 2016-12-06 15:01:56.400 WinSCP Version 5.9.3 (Build 7136) (OS 6.1.7601 Service Pack 1 - Windows 7 Professional)
. 2016-12-06 15:01:56.400 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2016-12-06 15:01:56.400 Log level: Debug 2
. 2016-12-06 15:01:56.400 Local account: XXXXXXXXXXXXXXX
. 2016-12-06 15:01:56.400 Working directory: XXXXXXXXXXXXXXXXXXXXXX
. 2016-12-06 15:01:56.400 Process ID: 2396
. 2016-12-06 15:01:56.400 Command-line: "C:\XXXXXXXXXXXXX\WinSCP.exe" 
. 2016-12-06 15:01:56.400 Time zone: Current: GMT-5, Standard: GMT-5 (Eastern Standard Time), DST: GMT-4 (Eastern Daylight Time), DST Start: 3/13/2016, DST End: 11/6/2016
. 2016-12-06 15:01:56.400 Login time: Tuesday, December 06, 2016 3:01:56 PM
. 2016-12-06 15:01:56.400 --------------------------------------------------------------------------
. 2016-12-06 15:01:56.400 Session name: SFTP XXX.XXX.XXX.XXX (Site)
. 2016-12-06 15:01:56.400 Host name: XXX.XXX.XXX.XXX (Port: 22)
. 2016-12-06 15:01:56.400 User name: XXXXXXXX (Password: Yes, Key file: No, Passphrase: No)
. 2016-12-06 15:01:56.400 Tunnel: No
. 2016-12-06 15:01:56.400 Transfer Protocol: SFTP (SCP)
. 2016-12-06 15:01:56.400 Ping type: Null, Ping interval: 30 sec; Timeout: 15 sec
. 2016-12-06 15:01:56.400 Disable Nagle: No
. 2016-12-06 15:01:56.400 Proxy: None
. 2016-12-06 15:01:56.400 Send buffer: 262144
. 2016-12-06 15:01:56.400 SSH protocol version: 2; Compression: Yes
. 2016-12-06 15:01:56.400 Bypass authentication: No
. 2016-12-06 15:01:56.400 Try agent: No; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2016-12-06 15:01:56.400 Ciphers: aes,chacha20,WARN,blowfish,3des,arcfour,des; Ssh2DES: No
. 2016-12-06 15:01:56.400 KEX: ecdh,dh-group1-sha1,WARN,dh-group14-sha1,dh-gex-sha1,rsa
. 2016-12-06 15:01:56.400 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2016-12-06 15:01:56.400 Simple channel: Yes
. 2016-12-06 15:01:56.400 Return code variable: Autodetect; Lookup user groups: Auto
. 2016-12-06 15:01:56.400 Shell: default
. 2016-12-06 15:01:56.400 EOL: LF, UTF: Auto
. 2016-12-06 15:01:56.400 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: No
. 2016-12-06 15:01:56.400 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2016-12-06 15:01:56.400 SFTP Bugs: Auto,Auto
. 2016-12-06 15:01:56.400 SFTP Server: default
. 2016-12-06 15:01:56.400 Local directory: XXXXXXXXXXX, Remote directory: XXXXXXXXXXXXXXX, Update: No, Cache: Yes
. 2016-12-06 15:01:56.400 Cache directory changes: Yes, Permanent: Yes
. 2016-12-06 15:01:56.400 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 
. 2016-12-06 15:01:56.400 DST mode: Unix
. 2016-12-06 15:01:56.400 --------------------------------------------------------------------------
. 2016-12-06 15:01:56.478 Looking up host "XXX.XXX.XXX.XXX" (IPv4) for SSH connection
. 2016-12-06 15:01:56.478 Connecting to XXX.XXX.XXX.XXX port 22
. 2016-12-06 15:02:17.494 Failed to connect to XXX.XXX.XXX.XXX: Network error: Connection timed out
. 2016-12-06 15:02:17.494 Knocking FTP port.
. 2016-12-06 15:02:19.494 FTP port did not open.
* 2016-12-06 15:02:19.509 (EFatal) Network error: Connection to "XXX.XXX.XXX.XXX" timed out.    


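For the log-review side of this question, an added example (not part of the original posts and not WinSCP's own code): a Python scan of WinSCP session logs in the format quoted above that reports each "Knocking FTP port." line together with the host, port and protocol of the session that produced it. The sample log is constructed, with 192.0.2.10 standing in for the redacted address, and the function name `find_ftp_knocks` is an assumption of this example.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the log lines quoted in the post above
# (192.0.2.10 is a documentation address, not a value from the page).
SAMPLE_LOG = """\
. 2016-12-06 15:01:56.400 Host name: 192.0.2.10 (Port: 22)
. 2016-12-06 15:01:56.400 Transfer Protocol: SFTP (SCP)
. 2016-12-06 15:01:56.478 Connecting to 192.0.2.10 port 22
. 2016-12-06 15:02:17.494 Failed to connect to 192.0.2.10: Network error: Connection timed out
. 2016-12-06 15:02:17.494 Knocking FTP port.
. 2016-12-06 15:02:19.494 FTP port did not open.
. 2016-12-06 15:10:00.000 Host name: 192.0.2.10 (Port: 22)
. 2016-12-06 15:10:00.000 Transfer Protocol: SFTP (SCP)
. 2016-12-06 15:10:00.050 Connecting to 192.0.2.10 port 22
"""

LINE = re.compile(r"^(?P<mark>\S) (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) (?P<msg>.*)$")
HOST = re.compile(r"^Host name: (?P<host>\S+) \(Port: (?P<port>\d+)\)")
PROTO = re.compile(r"^Transfer Protocol: (?P<proto>\S+)")


def find_ftp_knocks(log_text):
    """Return one record per 'Knocking FTP port.' line, with session context."""
    findings, ctx = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # continuation lines or text in another format
        msg = m["msg"]
        if h := HOST.match(msg):
            # A new session header resets the context.
            ctx = {"host": h["host"], "port": int(h["port"]), "protocol": None}
        elif p := PROTO.match(msg):
            ctx["protocol"] = p["proto"]
        elif msg == "Knocking FTP port.":
            findings.append({
                "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
                "ftp_port_opened": None,  # None: no outcome line seen in the log
                **ctx,
            })
        elif msg == "FTP port did not open." and findings:
            findings[-1]["ftp_port_opened"] = False
    return findings


if __name__ == "__main__":
    for finding in find_ftp_knocks(SAMPLE_LOG):
        print(finding)
```

A record whose `protocol` is `SFTP` and whose `port` is 22 is the case described in the first post: a session configured for SFTP that still produced a knock on the FTP port.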
DanielEsostato
Guest

Have you got a firewall between you and your domain? If you have, you need access through the firewall for FTP.
