Article delegate-en/4077 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] FileZilla TLS security patch does not work with FTPS and Delegate
19 Aug 2008 07:37:41 GMT p5uhqbdyi-5bnwhwfecmlr.ml@ml.delegate.org



Hello,
We are using DeleGate as a ftp to ftps proxy. The setting used to work

*very well* (and therefore a big thank you for the author
of DeleGate). The problem is with Explicit and Implicit SSL/TLS. With an

older version (3.0.11, which is before FileZilla security patch) FileZilla
and DeleGate work like a charm.With new versions of FileZilla there is a

problem however, which seems to be related to below issue (the snippet is
from the FileZilla project's website http://filezilla-project.org)


2008-07-24 - Security Advisory
FileZilla 3.1.0.1 fixes a vulnerability regarding the way some errors are

handled on SSL/TLS secured data transfers.
If the data connection of a transfer gets closed, FileZilla did not check

if the server performed an orderly TLS shutdown.
Impact
An attacker could send spoofed FIN packets to the client. Even though

GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla did

not record a transfer failure in all cases.
Unfortunately not all servers perform an orderly SSL/TLS shutdown. Since

this cannot be distinguished from an attack, FileZilla will not be able to

download listings or files from such servers.
Affected versions
All versions prior to 3.1.0.1 are affected. This vulnerability has been

fixed in 3.1.0.1

The error returned by FileZilla points to the issue addressed in the

Security Advisory. The german text means
"Server did not shutdown TLS-Connection properly."

09:15:43        Trace:  GnuTLS error -9: A TLS packet with unexpected

length was received.
09:15:43        Status: Server hat die TLS-Verbindung nicht ordnungsgem籖

geschlossen
09:15:43        Fehler: Could not read from transfer socket: ECONNABORTED

- Connection aborted

I am not sure whether this is an issue with SSLway or with DeleGate. Is

there a workaround for the described problem?
I would apprieciate your answer and again, I think you do a great job!
Markus Pfister

DeleGate is started with:

./src/delegated -P3128 SERVER=ftp://10.23.162.218:49321  STLS=fcl/ssl

CERTDIR=/export/home/tkpfk/delegate/certdir -v -d TIMEOUT=standby:60

SYSLOG=/export/home/tkpfk/delegate/delegate.log REMITTABLE="ftp,ftps"

MODE=noxdc


This is Filezilla 3.1.1.1 Output

09:15:41        Status: Verbinde mit 10.23.163.122:3128...
09:15:41        Status: Verbindung hergestellt, warte auf

Willkommensnachricht...
09:15:41        Trace:  CFtpControlSocket::OnReceive()
09:15:41        Antwort:        220-extended FTP [MODE

XDC][XDC/BASE64][PIPELINE] (1) davos.ACompany.com
09:15:41        Antwort:        220-******************************
09:15:41        Antwort:        220- ftpFrontdoor server ready
09:15:41        Antwort:        220- Version: 2.0.5
09:15:41        Antwort:        220- ******************************
09:15:41        Antwort:        220

09:15:41        Trace:  CFtpControlSocket::SendNextCommand()
09:15:41        Befehl: AUTH TLS
09:15:41        Trace:  CFtpControlSocket::OnReceive()
09:15:41        Antwort:        234 OK
09:15:41        Status: Initialisiere TLS...
09:15:41        Trace:  CTlsSocket::Handshake()
09:15:41        Trace:  CTlsSocket::OnSend()
09:15:41        Trace:  CTlsSocket::OnRead()
09:15:41        Trace:  CTlsSocket::Handshake()
09:15:41        Trace:  CTlsSocket::OnRead()
09:15:41        Trace:  CTlsSocket::Handshake()
09:15:41        Trace:  CTlsSocket::OnRead()
09:15:41        Trace:  CTlsSocket::Handshake()
09:15:41        Trace:  Handshake successful
09:15:41        Trace:  Cipher: 3DES-CBC, MAC: SHA1
09:15:41        Status: ワberpr{#CCX:UTF-8:NOMAP:LocalToUTF8:97c7#}e Zertifikat...
09:15:41        Trace:  CFtpControlSocket::SendNextCommand()
09:15:41        Befehl: USER TestUser
09:15:41        Status: TLS/SSL-Verbindung hergestellt.
09:15:41        Trace:  CTlsSocket::OnRead()
09:15:41        Trace:  CFtpControlSocket::OnReceive()
09:15:41        Antwort:        331 Password required for TestUser.
09:15:41        Trace:  CFtpControlSocket::SendNextCommand()
09:15:41        Befehl: PASS ***
09:15:42        Trace:  CTlsSocket::OnRead()
09:15:42        Trace:  CFtpControlSocket::OnReceive()
09:15:42        Antwort:        230 User TestUser logged in.
09:15:42        Trace:  CFtpControlSocket::SendNextCommand()
09:15:42        Befehl: SYST
09:15:42        Trace:  CTlsSocket::OnRead()
09:15:42        Trace:  CFtpControlSocket::OnReceive()
09:15:42        Antwort:        215 UNIX Type: L8 Version: generic.
09:15:42        Trace:  CFtpControlSocket::SendNextCommand()
09:15:42        Befehl: FEAT
09:15:42        Trace:  CTlsSocket::OnRead()
09:15:42        Trace:  CFtpControlSocket::OnReceive()
09:15:42        Antwort:        500 not implemented yet

09:15:42        Trace:  CFtpControlSocket::SendNextCommand()
09:15:42        Befehl: PBSZ 0
09:15:42        Trace:  CTlsSocket::OnRead()
09:15:42        Trace:  CFtpControlSocket::OnReceive()
09:15:42        Antwort:        200 OK
09:15:42        Trace:  CFtpControlSocket::SendNextCommand()
09:15:42        Befehl: PROT P
09:15:42        Trace:  CTlsSocket::OnRead()
09:15:42        Trace:  CFtpControlSocket::OnReceive()
09:15:42        Antwort:        200 OK
09:15:42        Status: Verbunden
09:15:42        Trace:  CFtpControlSocket::ResetOperation(0)
09:15:42        Trace:  CControlSocket::ResetOperation(0)
09:15:42        Status: Empfange Verzeichnisinhalt...
09:15:42        Trace:  CFtpControlSocket::SendNextCommand()
09:15:42        Trace:  CFtpControlSocket::ChangeDirSend()
09:15:42        Befehl: PWD
09:15:42        Trace:  CTlsSocket::OnRead()
09:15:42        Trace:  CFtpControlSocket::OnReceive()
09:15:42        Antwort:        257 "/" is current directory.
09:15:42        Trace:  CFtpControlSocket::ResetOperation(0)
09:15:42        Trace:  CControlSocket::ResetOperation(0)
09:15:42        Trace:  CFtpControlSocket::ParseSubcommandResult(0)
09:15:42        Trace:  CFtpControlSocket::ListSubcommandResult()
09:15:42        Trace:    state = 1
09:15:42        Trace:  CFtpControlSocket::SendNextCommand()
09:15:42        Trace:  CFtpControlSocket::TransferSend()
09:15:43        Trace:    state = 1
09:15:43        Befehl: TYPE I
09:15:43        Trace:  CTlsSocket::OnRead()
09:15:43        Trace:  CFtpControlSocket::OnReceive()
09:15:43        Antwort:        200 Type set to "I".
09:15:43        Trace:  CFtpControlSocket::TransferParseResponse()
09:15:43        Trace:    code = 2
09:15:43        Trace:    state = 1
09:15:43        Trace:  CFtpControlSocket::SendNextCommand()
09:15:43        Trace:  CFtpControlSocket::TransferSend()
09:15:43        Trace:    state = 2
09:15:43        Befehl: PASV
09:15:43        Trace:  CTlsSocket::OnRead()
09:15:43        Trace:  CFtpControlSocket::OnReceive()
09:15:43        Antwort:        227 Entering Passive Mode

(10,23,163,122,175,95).
09:15:43        Trace:  CFtpControlSocket::TransferParseResponse()
09:15:43        Trace:    code = 2
09:15:43        Trace:    state = 2
09:15:43        Trace:  CFtpControlSocket::SendNextCommand()
09:15:43        Trace:  CFtpControlSocket::TransferSend()
09:15:43        Trace:    state = 4
09:15:43        Befehl: LIST
09:15:43        Trace:  CTransferSocket::OnConnect
09:15:43        Trace:  CTlsSocket::Handshake()
09:15:43        Trace:  Skipping socket event 4, id mismatch.
09:15:43        Trace:  CTlsSocket::OnSend()
09:15:43        Trace:  CTlsSocket::OnRead()
09:15:43        Trace:  CTlsSocket::Handshake()
09:15:43        Trace:  CTlsSocket::OnRead()
09:15:43        Trace:  CFtpControlSocket::OnReceive()
09:15:43        Antwort:        150 File status OK
09:15:43        Trace:  CFtpControlSocket::TransferParseResponse()
09:15:43        Trace:    code = 1
09:15:43        Trace:    state = 4
09:15:43        Trace:  CFtpControlSocket::SendNextCommand()
09:15:43        Trace:  CFtpControlSocket::TransferSend()
09:15:43        Trace:    state = 5
09:15:43        Trace:  CTlsSocket::OnRead()
09:15:43        Trace:  CTlsSocket::Handshake()
09:15:43        Trace:  CTlsSocket::OnRead()
09:15:43        Trace:  CTlsSocket::Handshake()
09:15:43        Trace:  Handshake successful
09:15:43        Trace:  Cipher: 3DES-CBC, MAC: SHA1
09:15:43        Trace:  CTlsSocket::OnRead()
09:15:43        Trace:  CTlsSocket::OnSocketEvent(): close event received
09:15:43        Trace:  CTransferSocket::OnReceive(), m_transferMode=0
09:15:43        Trace:  GnuTLS error -9: A TLS packet with unexpected

length was received.
09:15:43        Status: Server hat die TLS-Verbindung nicht ordnungsgem籖

geschlossen
09:15:43        Fehler: Could not read from transfer socket: ECONNABORTED

- Connection aborted
09:15:43        Trace:  CTransferSocket::TransferEnd(3)
09:15:43        Trace:  Skipping socket event 4, no socket or id mismatch.
09:15:43        Trace:  Skipping socket event 2, no socket or id mismatch.
09:15:43        Trace:  Skipping socket event 5, no socket or id mismatch.
09:15:43        Trace:  CTlsSocket::OnRead()
09:15:43        Trace:  CFtpControlSocket::TransferEnd()
09:15:43        Trace:  CFtpControlSocket::OnReceive()
09:15:43        Antwort:        226 Closing data connection
09:15:43        Trace:  CFtpControlSocket::TransferParseResponse()
09:15:43        Trace:    code = 2
09:15:43        Trace:    state = 7
09:15:43        Trace:  CFtpControlSocket::ResetOperation(2)
09:15:43        Trace:  CControlSocket::ResetOperation(2)
09:15:43        Trace:  CFtpControlSocket::ParseSubcommandResult(2)
09:15:43        Trace:  CFtpControlSocket::ListSubcommandResult()
09:15:43        Trace:    state = 2
09:15:44        Trace:  CFtpControlSocket::ResetOperation(2)
09:15:44        Trace:  CControlSocket::ResetOperation(2)
09:15:44        Fehler: Verzeichnisinhalt konnte nicht empfangen werden

This is DeleGate 9.8.4-pre5 output:

tkpfk@davos:~/delegate/delegate9.8.4-pre5 > ./startme.sh
08/19 09:15:22.36 [32076] 0+0: -- setCredhyCache /tmp/credhy_cache128 >>

/export/home/tkpfk/delegate/act/credhy_cache128
08/19 09:15:22.36 [32076] 0+0: command PATH:

/export/home/tkpfk/delegate/delegate9.8.4-pre5/./src/delegated ->

/export/home/tkpfk/delegate/delegate9.8.4-pre5/./src/delegated
[0] ./src/delegated
[1] -P3128
[2] SERVER=ftp://10.23.162.218:49321
[3] STLS=fcl/ssl
[4] CERTDIR=/export/home/tkpfk/delegate/certdir
[5] -v
[6] -d
[7] TIMEOUT=standby:60
[8] SYSLOG=/export/home/tkpfk/delegate/delegate.log
[9] REMITTABLE=ftp,ftps
[10] MODE=noxdc
08/19 09:15:22.36 [32076] 0+0: PORT> -P3128
Warning: unknown parameter: MODE
08/19 09:15:22.37 [32076] 0+0: --- [crypto] 0 dglibcrypto.so
08/19 09:15:22.37 [32076] 0+0: --- [crypto] 0 libcrypto.so.0.9.8
08/19 09:15:22.37 [32076] 0+0: --- [/usr/lib/libcrypto.so]
08/19 09:15:22.37 [32076] 0+0: --- [crypto] 83D9100 /usr/lib/libcrypto.so
08/19 09:15:22.37 [32076] 0+0: --- [crypto] optional: SSL_set_SSL_CTX
08/19 09:15:22.37 [32076] 0+0: --- [crypto] optional: SSL_get_servername
08/19 09:15:22.37 [32076] 0+0: --- [crypto] optional:

SSL_get_servername_type
08/19 09:15:22.37 [32076] 0+0: --- [crypto] optional:

SSL_CTX_callback_ctrl
08/19 09:15:22.37 [32076] 0+0: --- [crypto] optional:

SSL_CTX_use_certificate_chain_file
08/19 09:15:22.37 [32076] 0+0: --- [crypto] optional: X509_STORE_set_flags
08/19 09:15:22.37 [32076] 0+0: --- [crypto] optional:

SSL_CTX_set_session_id_context
08/19 09:15:22.37 [32076] 0+0: --- [crypto] optional:

SSL_CTX_set_generate_session_id
08/19 09:15:22.37 [32076] 0+0: --- [crypto] optional:

ENGINE_load_builtin_engines
08/19 09:15:22.37 [32076] 0+0: --- [crypto] optional:

OPENSSL_add_all_algorithms_conf
08/19 09:15:22.37 [32076] 0+0: ---- [crypto] loaded 99 syms,

unknown=47+10, already=0
08/19 09:15:22.37 [32076] 0+0: --- [ssl] 0 dglibssl.so
08/19 09:15:22.37 [32076] 0+0: --- [ssl] 0 libssl.so.0.9.8
08/19 09:15:22.37 [32076] 0+0: --- [/usr/lib/libssl.so]
08/19 09:15:22.37 [32076] 0+0: --- [ssl] 83D9548 /usr/lib/libssl.so
08/19 09:15:22.37 [32076] 0+0: ---- [ssl] loaded 99 syms, unknown=0+0,

already=7
08/19 09:15:22.37 [32076] 0+0: ---- unknown = 0+0, already = 7 / 99
08/19 09:15:22.37 [32076] 0+0: +++ loaded OpenSSL 0.9.6g [engine] 9 Aug

2002
08/19 09:15:22.37 [32076] 0+0: ... testing resolver[SYS] with

'WWW.DeleGate.ORG'
08/19 09:15:22.37 [32076] 0+0: ... you can suppress this test by

RES_WAIT=0
08/19 09:15:22.65 [32076] 0+0: ... gethostname(davos)
08/19 09:15:22.65 [32076] 0+0: configuring default RESOLV ...
08/19 09:15:22.65 [32076] 0+0: ... gethostname()='davos'
08/19 09:15:22.65 [32076] 0+0: ... SYS: davos -> 10.23.163.122
08/19 09:15:22.65 [32076] 0+0: ... DNS: 10.23.163.122 ->

davos.ACompany.com
08/19 09:15:22.65 [32076] 0+0: ... DNS available
08/19 09:15:22.65 [32076] 0+0: ... NIS domain: zuoz.ACompany.com
08/19 09:15:22.65 [32076] 0+0: ... export RES_ORDER=CFND
08/19 09:15:22.65 [32076] 0+0: {R}

confid(detected)[c6a66c9dd1488ea028551c9d9d305628]<-[]
08/19 09:15:22.65 [32076] 0+0: export RESOLV=cache,file,nis,dns (set by

default)
SRCSIGN=9.8.4-pre5:20080815183133+0900:77091fcddcbdb4a8:Author@DeleGate.ORG:Vp+IwFCK6gTbd6YxWsTGOVQAyEQYgLm6o74coeqGQU/3tcdTTShCI3fnKGoRjEUCeExmhaf3hHufU6sRdy8dMcm7qUcaKPCqH7QrztbfaGQ4wsmxUstbU+SpkLwUkEA0U+Lm/aUzcTt2MOdKvwnD19vWb4BfwuprY1Ilw5FaIL8=
BLDSIGN=9.8.4-pre5:20080818181647+0100:77091fcddcbdb4a8:tkpfk@davos:-
08/19 09:15:22.66 [32076] 0+0: --INITIALIZATION START-08081909+0100:

9.8.4-pre5 on Linux/2.4.21-138-smp--
08/19 09:15:22.66 [32076] 0+0:

EXECDIR=/export/home/tkpfk/delegate/delegate9.8.4-pre5/./src
08/19 09:15:22.66 [32076] 0+0: BINSHELL=/bin/sh
08/19 09:15:22.66 [32076] 0+0: MAXIMA=delegated:64 for small mem=1930M
08/19 09:15:22.66 [32076] 0+0: scan STLS and FILTERS before beDaemon()...
08/19 09:15:22.66 [32076] 0+0: STLS -> CMAP="-ss,sslway:FCL:starttls"
08/19 09:15:22.66 [32076] 0+0: --- [z] 0 dglibz.so
08/19 09:15:22.66 [32076] 0+0: --- [z] 0 libz.so.0.9.8
08/19 09:15:22.66 [32076] 0+0: --- [/usr/lib/libz.so]
08/19 09:15:22.66 [32076] 0+0: --- [z] 83DCDD8 /usr/lib/libz.so
08/19 09:15:22.66 [32076] 0+0: --- [z] optional: gziocallback
08/19 09:15:22.66 [32076] 0+0: ---- [z] loaded 17 syms, unknown=0+1,

already=0
08/19 09:15:22.66 [32076] 0+0: +++ loaded Zlib 1.1.4
08/19 09:15:22.66 [32076] 0+0: #### gzip/gunzip = dynamically linked
08/19 09:15:22.66 [32076] 0+0: ## SSLway ## 0.003483 connected/accepted
08/19 09:15:22.66 [32076] 0+0: ## SSLway initialized ctx #900000000 0 X
08/19 09:15:22.67 [32076] 0+0: server_open(delegate,:3128,listen=20)
08/19 09:15:22.67 [32076] 0+0: server_open(delegate,:3128) BOUND
08/19 09:15:22.67 [32076] 0+0: DGROOT=/export/home/tkpfk/delegate^M
08/19 09:15:22.67 [32076] 0+0: <DeleGate/9.8.4-pre5> [32076] -P3128

READY^M
<DeleGate/9.8.4-pre5> [32076] -P3128 READY
Config: Linux/2.4.21-138-smp; FileSize-Bits=32/64,32/32,32;

socket=87380/16384,++NAT; sockpair=65535/65535,1002++U;

thread=PThread/pthread; stty=tcsetattr; fmem=24/1930/8085M
DGROOT=/export/home/tkpfk/delegate
ADMIN=tkpfk@davos
AIST-Product-ID: 2000-ETL-198715-01, H14PRO-049, H15PRO-165, H18PRO-443
Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
Copyright (c) 2001-2008 National Institute of Advanced Industrial Science

and Technology (AIST)
BLDSIGN=9.8.4-pre5:20080818181647+0100:77091fcddcbdb4a8:tkpfk@davos:-
Loaded: OpenSSL 0.9.6g [engine] 9 Aug 2002
Loaded: Zlib 1.1.4
08/19 09:15:22.67 [32076] 0+0: PORT= 3128/8 (12,56)
08/19 09:15:22.67 [32076] 0+0: OWNER=nobody =>

OWNER=tkpfk/tkpfk(tkpfk/tkpfk)
08/19 09:15:22.67 [32076] 0+0: STLS -> CMAP="-ss,sslway:FCL:starttls"
08/19 09:15:22.67 [32076] 0+0: REMITTABLE = ftp,ftps
08/19 09:15:22.67 [32076] 0+0: ADMIN=tkpfk@davos protocol=ftp(specialist)
08/19 09:15:22.67 [32076] 0+0: MOUNT[0]X[2] /-/builtin/icons/* = default
08/19 09:15:22.67 [32076] 0+0: MOUNT[1]X[3] /-/* =

forbidden,from=!.RELIABLE,default
08/19 09:15:22.67 [32076] 0+0: MOUNT[2]X[0] /-* = default
08/19 09:15:22.67 [32076] 0+0: MOUNT[3]X[1] /=* = default
08/19 09:15:22.67 [32076] 0+0: MOUNT[4]=[4] //* = default
08/19 09:15:22.67 [32076] 0+0:

StickyReport[11,12]127.0.0.127:65535><127.0.0.127:65535 00000/0000X

60000/00000X
08/19 09:15:22.67 [32076] 0+0: env[9] EDITOR=vi
08/19 09:15:22.67 [32076] 0+0: env[87]

LIBPATH=.;/export/home/tkpfk/delegate/delegate9.8.4-pre5;/export/home/tkpfk/delegate/lib;/export/home/tkpfk/delegate/delegate9.8.4-pre5/./src;/export/home/tkpfk/delegate/etc
08/19 09:15:22.67 [32076] 0+0: env[91] RESOLV=cache,file,nis,dns
08/19 09:15:22.67 [32076] 0+0: arg[2] SERVER=ftp://10.23.162.218:49321
08/19 09:15:22.67 [32076] 0+0: arg[3] STLS=fcl/ssl
08/19 09:15:22.67 [32076] 0+0: arg[4]

CERTDIR=/export/home/tkpfk/delegate/certdir
08/19 09:15:22.67 [32076] 0+0: arg[7] TIMEOUT=standby:60
08/19 09:15:22.67 [32076] 0+0: arg[8]

SYSLOG=/export/home/tkpfk/delegate/delegate.log
08/19 09:15:22.67 [32076] 0+0: arg[9] REMITTABLE=ftp,ftps
08/19 09:15:22.67 [32076] 0+0: DELEGATE_Modified[1]: 48aa730a 1219130122
08/19 09:15:22.68 [32076] 0+0: --INITIALIZATION DONE-08081909+0100:

9.8.4-pre5 on Linux/2.4.21-138-smp--
08/19 09:15:22.68 [32076] 0+0: logMMap: 40385000 1332
08/19 09:15:22.68 [32076] 0+0: LOG-Socketpair[17,18]
08/19 09:15:40.88 [32169] 1+0: -- Fork(OnetimeServer): 32076 -> 32169
08/19 09:15:40.89 [32169] 1+0: (0) accepted [34]

-@[10.16.77.130]PC-92008.ACompany.com:2696 (1219130140.889s)(1)
08/19 09:15:40.89 [32169] 1+0: PATH:

ftp://10.23.162.218:49321!davos.ACompany.com:3128!PC-92008.ACompany.com:2696!anonymous@PC-92008.ACompany.com;1219130140
08/19 09:15:41.17 [32169] 1+0: FTP server ftp://10.23.162.218:49321/
08/19 09:15:41.17 [32169] 1+0: FTPHOPS: 1 [34/34 - -1/-1]
08/19 09:15:41.17 [32169] 1+0: ConnectToServer:

DFLT=ftp://10.23.162.218:49321 REAL=://:0
08/19 09:15:41.17 [32169] 1+0: ConnectToServer connected [8]

{10.23.162.218:49321 <- 10.23.163.122:44894} [0.001s]
08/19 09:15:41.17 [32169] 1+0: willSTLS_SV: ServerFlags=0
08/19 09:15:41.18 [32169] 1+0: willSTLS_SV: ServerFlags=0
08/19 09:15:41.18 [32169] 1+0: #### AUTH TLS
08/19 09:15:41.29 [32169] 1+0: ## SSLway ## 0.107794 connected/accepted
08/19 09:15:42.05 [32169] 1+0/3/2: LoginPWD: "/"
08/19 09:15:42.48 [32169] 1+0/4/4: #### PBSZ 0
08/19 09:15:42.51 [32169] 1+0/4/4: #### PROT P
08/19 09:15:42.94 [32169] 1+0/7/7: ## viaCFI: ToC=34 ClientSock=19
08/19 09:15:42.94 [32169] 1+0/7/7: FTP-control-remote: 10.23.163.122:3128

[19]
08/19 09:15:42.94 [32169] 1+0/7/7: FTP-data-local[11]: 10.23.163.122:44895
08/19 09:15:42.94 [32169] 1+0/7/7: --FTPdata reuse port# 44895

[10,23,163,122,175,95]
08/19 09:15:42.94 [32169] 1+0/7/7: ## [PASV] restored

(10,23,163,122,175,95)
08/19 09:15:43.31 [32169] 1+0/7/7: ftp_conndata: connected

10.23.163.122:44893->bondo.ACompany.com/10.23.162.218:49524 [21](0.0)
08/19 09:15:43.31 [32169] 1+0/7/7: -- with PASV
08/19 09:15:43.31 [32169] 1+0/7/7: PASV [B][10,23,163,122,175,95] >> 227

Entering Passive Mode (10,23,163,122,175,95).^M
08/19 09:15:43.71 [32169] 1+0/8/8: FTP-CACHE: LIST [] = [][]:0
08/19 09:15:43.71 [32169] 1+0/8/8: DATA 10.23.162.218:49524 ->

10.23.163.122:44893 .. 10.23.163.122:44895 -> 10.16.77.130:2697
08/19 09:15:43.76 [32169] 1+0/8/8: ## SSLway ## 0.045978 sescache[0] HIT=0

sR=0 cR=1
08/19 09:15:43.76 [32169] 1+0/8/8: FTP data-relay([21]15554b ->

[11]10000b) 1266b / 1/ (2F) 0.00s (read-EOF)
08/19 09:15:43.76 [32169] 1+0/8/8: ## SSLway FCL S-C:1266/1 C-S:0/0

This e-mail may contain confidential and privileged information.
If you are not the intended recipient, please notify the sender and delete
this e-mail immediately.

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V