homepage Welcome to WebmasterWorld Guest from 23.22.194.120
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
Is this *nix or NT?
Odd FTP headers on a "Win2K" host.
RWSteele




msg:911447
 8:24 pm on Jan 17, 2004 (gmt 0)

I aplogize if this question doesn't belong in this group, but didn't know where else to post.
I'm currently working on a site that is "supposed" to be on a Win2K server.

I know that you can hide servers behind firewalls or change FTP, TELNET, HTTP banners/headers, so with that said here is an excerpt from an FTP log from today:

< 215 UNIX Type: L8
> PWD
< 257 "/" is current directory.
~ Login completed.
< 150 Opening ASCII mode data connection for /bin/ls.

Now here are HTTP headers returned from the same server:
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDACDSRTBA=PHEFCFEAFFFELFIHPCJHOFEE; path=/

I don't claim to know alot about networks, security, firewalls, etc., but this seemed odd to me. I wanted to see if this might be an attempt to throw off would-be hackers or if he's advertising Win2K hosting, but really running *nix servers with a program such as Chilisoft that would emulate a Win2K environment.

A guy I work with who used to work for the host in question says this, "Yea he's a security freak, but he's also a cheap a$$!. He'll reinstall trial software a 100 times in order to not have to buy it." (I didn't think there was such thing as "cheap security"?)

Once again this is not an attempt to "hack" anyone. I've had some odd problems while working on a SQL Server project hosted through him, and I'm trying to find out if he might be false advertising.

Links to articles and/or feedback will be greatly appreciated.

Thanks
Randy

 

sun818




msg:911448
 8:41 pm on Jan 17, 2004 (gmt 0)

FTP and WEB services could routed to separate servers behind the scene. He could also be running IIS, but using a third party FTP service and not the default one included with Windows. You could try pining both domains and performing a tracert route to see if you notice any difference.

SeanW




msg:911449
 3:46 pm on Jan 18, 2004 (gmt 0)

215 UNIX Type: L8

I'm pretty sure that's referring to the directory listing type, and not the operating system. Most FTP servers spit out a UNIX directory listing because that's what most clients expect.

150 Opening ASCII mode data connection for /bin/ls.

Yea, that's an odd one... I think we've got some MS FTP servers at work, I'll take a look at one of them.

As someone else mentioned, it could be an L4 switch redirecting FTP to a different host.

Sean

RWSteele




msg:911450
 6:16 pm on Jan 18, 2004 (gmt 0)

I forgot to mention that I did FTP into our NT4 box at work to compare results and it split back this:

< 220 tpciis Microsoft FTP Service (Version 4.0).
> SYST
< 215 Windows_NT version 4.0
< 257 "/" is current directory.
~ Login completed.
< 257 "/myworkdomain/" is current directory.
> PORT 192,168,0,100,12,54
< 200 Type set to A.
< 150 Opening ASCII mode data connection for /bin/ls.

Thanks for the feedback SeanW and Sun818.

vrtlw




msg:911451
 10:59 pm on Jan 18, 2004 (gmt 0)

I'm pretty sure that's referring to the directory listing type, and not the operating system. Most FTP servers spit out a UNIX directory listing because that's what most clients expect.

Agreed, however when on my "Microsoft IIS/5.0 ASP.NET" server it returns back:

Host type (I): UNIX standard

My initial thought is the provider is using some form of Access Control List on a router or as said previously Layer 4 switching to redirect port 21(ftp) traffic to a Linux data server (the machine where the files sit). Then for HTTP traffic a Microsoft webserver is being used with a backbone (private) connection to the Linux box.

RobinC




msg:911452
 11:31 pm on Jan 18, 2004 (gmt 0)

I've actually coded a commercial ftp server from scratch (niche market though) ;-)

There is no "standard" reply to the SYST command, instead most servers reply what their OS is. However there are some ftp *clients* that change their behaviour depending on what OS they get back, even though it makes no difference (as it's the server itself that changes, the OS can run multiple different ones with different outputs).

The "UNIX Type: L8" is taken by a lot of people to mean the LIST reeply type, and the length of a byte, myself included - it's only meant to be human readable, not parsed for anything ;-)

The ASCII/Binary is just MODE, the ftp specs say that binary is send-as-is, ascii however gets the linefeeds translated to a neutral type (/n/r etc), so the client end can use a different system than the server end (ie, windows and *nix). It's only applicable for ascii files, and a listing is ascii... Unless it's got characters outside the 7-bit boundary that certain systems complain about ;-)

The reason ftp servers tend to "lie" about what they are is that the LIST output was not meant to be machine parsed - there's no actual standard to it. Instead a lot of people are now just using the output of *nix "ls -alF" as an unofficial standard - in fact, a lot of ftp clients will actually send "LIST -alF" as the command (who say's we're a. running on *nix, and b. actually running an external prog for listings?).

What can I say, coding ftp servers can be a headache, just got for wu-ftpd output compatability and everyone should be happy ;-)

Robin

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved