Comments on: My Sonicwall won’t let me FTP! Error: FTP: PASV response bounce attack dropped

By: Frank

Frank — Fri, 13 Aug 2010 15:16:21 +0000

There are definitely better options than FTP out there – online file transfer services like Filesdirect (my personal fave) are easier to use and more secure.

By: Brian

Brian — Wed, 11 Aug 2010 21:00:25 +0000

Thank you for this information. I set an FTP site for a project on an older, smaller network with a SonicWall. I then had a handful of people trying to get the large files and all were running into this problem. I looked through my SonicWall’s log and saw the errors. It was driving me batty!

I went through all the settings everywhere to get the Passive mode to work (easier than explaining active mode setup to non-tech users spread out geographically). In a last ditch effort I Googled my error and came across this post.

THANK you! You’ve saved me and the users from the frustration of changing course to one of the other perfectly valid options listed by other commenters.

By: Karl L. Gechlik | AskTheAdmin.com

Karl L. Gechlik | AskTheAdmin.com — Wed, 04 Feb 2009 12:58:26 +0000

After looking into active mode ftp – it is a great suggestion.. Thanks Clay.

By: Clay Maney

Clay Maney — Tue, 03 Feb 2009 02:05:38 +0000

The link is still bad, but the biggest reason to limit the use of FTP is because, most of the time, it is clear text. That means your username and password are sent unencrypted across the Internet. When possible, use FTP w/ SSL or SCP/SFTP to make sure your transactions are secure.

As for this post, I personally don’t like SonicWall firewalls (slow, need reboots, etc.). But, with that being said, by disabling bounce attack protection in a dedicated appliance, you’re relying on an operating system that was originally created for easy file-sharing (Windows) to do the security job… this is not good practice.

Why not just switch to active mode ftp?

By: Ray P.

Ray P. — Mon, 22 Dec 2008 17:10:31 +0000

Thank you for this information – it helped me troubleshoot a remote site for several users on a construction project we’re working on.

By: No to all? The hidden option on Windows XP. | Unit1

No to all? The hidden option on Windows XP. | Unit1 — Sat, 01 Nov 2008 11:38:14 +0000

[...] My Sonicwall won’t let me FTP! Error: FTP: PASV response bounce attack dropped [...]

By: Alex

Alex — Wed, 13 Aug 2008 23:22:15 +0000

I found your site on technorati and read a few of your other posts. Keep up the good work. I just added your RSS feed to my Google News Reader. Looking forward to reading more from you down the road!

By: JoeG

JoeG — Thu, 31 Jul 2008 15:06:01 +0000

I use FTP for all kinds of stuff, the number one is that I do not allow email attachments over 10MB. If someone needs to get a file to us or from us that is larger than 10MB they can drop it off or pick it up from the FTP server (which I don’t have to backup, unlike the email server).

I would take Adrian’s advice with a grain of salt (more like a baseball sized chunk than a grain really).

By: Karl L. Gechlik | AskTheAdmin.com

Karl L. Gechlik | AskTheAdmin.com — Thu, 31 Jul 2008 07:18:17 +0000

I use FTP daily and SSL Ftp if I need something a little more secure. But yeah I agree with Peter why shouldn’t I be using FTP Steven?

I get a 404 on that link as well – is this some sort of viral link that is supposed to make me search around for your post/answer?

By: Peter

Peter — Thu, 31 Jul 2008 06:43:48 +0000

Adrian – Um, why not use FTP? FTP is a great tool for moving larger files. (Maybe you say why in your link but it’s not working.)

By: Adrian

Adrian — Wed, 30 Jul 2008 20:28:02 +0000

I think the real question here is why use FTP?

http://stevenf.com/archive/dont-use-ftp.php

By: El Di Pablo

El Di Pablo — Wed, 30 Jul 2008 18:21:09 +0000

Cool, I will check that out. We happen to use Sonicwall pretty extensively.

-EDP

By: chexxer

chexxer — Wed, 30 Jul 2008 18:02:32 +0000

It looks like the low end hardware firewalls are now being initially configured to limit what can get out, and you have to make adjustments for what you need, outside of the manufacturers default settings.

Smoothwall Express 3.0 (Free)when first installing does have about three initial set-ups you can select, and as far as I can remember one blocks everything, one allows the main ports, I think the other one was let everything through. I selected the main ports settings, and then had to add a couple of special email ports and the time ports to the allow list.

At first I didn’t realize what was wrong, but the logs in Smoothwall Express help you to see what’s getting blocked .

I suppose the problem with going this route is having the inclination to install it (it’s not that hard) and having an old computer, putting a minimum of two NIC’s in and having the space to park it.

If anyone is interested in going this route, for version 3.0 you need a minimum of about a 300Mhz Pentium, 128MB ram and about 6.4Gb disk, with keyboard and CD drive required just for the installation. you use your web browser for any configuration, monitoring, etc after installation. Go to Smoothwall.org to download the free ISO version, just need to burn a CD.

You could go the mini ITX route to keep it quite small like the Sonicwall but the box would be a bit OTT for a firewall.

I use a Shuttle box that was a bit OTT, just so I could fit it in a cupboard where my mains, telephone, tv and network distribution is.