You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@commons.apache.org by Marcin Kudla <ma...@gmail.com> on 2019/04/01 10:54:37 UTC
[net] FTP.Command.Site.Overflow command.
Hi
In our application we use Apache Commons Net FTP client to send files to
the server. One of our clients indicated us that during the connection our
client performs the command FTP.Command.Site.Overflow. According to
https://fortiguard.com/encyclopedia/ips/12624 this command is dangerous.
I added ProtocolCommandListener to see the commands that are executed
during the connection and, additionally, I looked into the source code and
found nothing to indicate that the command is being executed. Does the
FTPClient actually execute this command? If so, is it possible to disable
its execution somehow?
Thanks
Marcin
Re: [net] FTP.Command.Site.Overflow command.
Posted by sebb <se...@gmail.com>.
On Mon, 1 Apr 2019 at 11:55, Marcin Kudla <ma...@gmail.com> wrote:
>
> Hi
>
> In our application we use Apache Commons Net FTP client to send files to
> the server. One of our clients indicated us that during the connection our
> client performs the command FTP.Command.Site.Overflow. According to
> https://fortiguard.com/encyclopedia/ips/12624 this command is dangerous.
>
> I added ProtocolCommandListener to see the commands that are executed
> during the connection and, additionally, I looked into the source code and
> found nothing to indicate that the command is being executed. Does the
> FTPClient actually execute this command?
There is no such FTP command as Site.Overflow.
It is just a name for sending an overly long command line to the FTP server.
NET generally only sends whatever you tell it to.
However there are some commands it sends to find out info from the
server, e.g. the SITE command.
These are short.
The only other command I can think of is the NOOP command which is
sent if you enable keep-alive.
See
https://commons.apache.org/proper/commons-net/javadocs/api-3.6/org/apache/commons/net/ftp/FTPClient.html
If the server does not process the NOOPs during a long-running
transfer then I suppose they might build up.
> If so, is it possible to disable its execution somehow?
See above; don't enable keep-alive
> Thanks
> Marcin
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org