Hello all,
I have a ton of questions and will try and pile all of them in this one post but feel free to answer any of them that you may know the answer to. They will all be related to FTP in one way or another as I have reached the end of things I can think of to try. Thanks to all who take the time to read and post.....
So I have created a Windows Server 2016 VM with FTP server enabled on it. It is hiding behind our business firewall with the firewall only allowing ports 20, 21 and 23000-30000 as passive ports. Only US IPs are allowed to it and any outside the US IPs are hard coded to bypass in with those ports. Everything else is blocked. I have the IP and passive ports set in IIS. Have all of the users and folders set up as needed. It seems to work fine for all of the people that are accessing it. It has XML/CSV files of our product catalog, an images folder for our clients to import into their website, and one folder for them to add files. Everyone is accessing it either via a browser, FileZilla, or PHP calls. We started having an issue with two clients stating that they could upload files most of the time but it would randomly not be able to do so without any error codes. I tried watching the traffic with Wireshark and all I see is that the connection just stops talking, no END packet, no more ACK packets, nothing. It just stops conversing. Since the business FW is in between it and the internet I tried disabling the Windows FW to see if it was causing any issues and the issue persisted. Tried checking the connection settings and increased timeouts but no dice.
So I decided to see if our business FW was causing the issue intermittently and made an exact copy of this VM and put it on the Internet side of our FW, restricted FTP to connect only from one IP that was having issues, and only enabled the same ports through the Windows FW but it has the exact same issue. I made an Ubuntu VSFTPD server from scratch and put it on the outside of our business FW but it had the exact same issue. The only thing I can think of is that they have a firewall between our servers and wherever they are calling the FTP request from and it is messing with things. If you have any ideas as to what could be causing it, please comment.
That led me down two different question paths as I don't know what else to try FTP-wise. One being is the server "safe" outside in the internet with only those ports open and isolated to FTP traffic only coming in from one IP? Since all you can do over port 20, 21 is FTP and IIS won't allow any other IP address to connect I feel that is locked down. Even if they spoof that particular IP they need creds to get in. My main question is having ports 23000-30000 open. I don't have any other program installed on there that uses those ports other than being the passive ports for FTP. So I'm assuming this means they are "safe" as there really isn't anything to talk to on those ports on the server.
The second question I had was what other alternatives to FTP should I be looking into? What is being used out in the real world? This isn't super sensitive data on the FTP server but obviously would rather it not fall into the "wrong" hands. Saw there was something called AS2 but that sounds like a nightmare to get other super small companies to deal with as there is setup on their end too. Feel free to offer other suggestions.
Thanks all!
Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
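
One way to check the assumption in the post that nothing besides the FTP service listens on 23000-30000, as an added example that is not part of the original post. It parses `netstat -ano` text from the server; the sample output, the PIDs and the function names are constructed for illustration.

```python
"""Flag TCP listeners in the FTP passive range not owned by the FTP service.

Input is the text of `netstat -ano` taken on the Windows server. The sample
below is constructed for illustration; PIDs and addresses are made up.
"""
import re

PASV_MIN, PASV_MAX = 23000, 30000  # passive range stated in the post

# Constructed sample output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:23017          0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:27015          0.0.0.0:0              LISTENING       5120
  TCP    [::]:29999             [::]:0                 LISTENING       1432
  TCP    10.0.0.5:23017         198.51.100.7:50211     ESTABLISHED     1432
"""

# Matches only TCP rows in LISTENING state; works for IPv4 and [IPv6] addresses.
LINE_RE = re.compile(
    r"^\s*TCP\s+(?P<local>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)


def passive_range_listeners(netstat_text):
    """Return sorted (port, pid) for every TCP listener in the passive range."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m and PASV_MIN <= int(m["port"]) <= PASV_MAX:
            found.add((int(m["port"]), int(m["pid"])))
    return sorted(found)


def unexpected_listeners(netstat_text, ftp_pid):
    """Listeners in the passive range owned by any process other than ftp_pid."""
    return [(port, pid) for port, pid in passive_range_listeners(netstat_text)
            if pid != ftp_pid]


if __name__ == "__main__":
    # 1432 stands in for the PID of the process hosting the FTP service.
    for port, pid in unexpected_listeners(SAMPLE_NETSTAT, ftp_pid=1432):
        print(f"port {port} is held by PID {pid}, not the FTP service")
```

Run it against output taken while a passive transfer is in progress and again while idle; any port in the range held by a PID other than the FTP service's is something reachable through the firewall rule that is not FTP.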