| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
Hi, I am having the exact same issue. In my organization people reported that downloads from the HP & DELL websites are ending up in PCBD. I checked the firewall logs, which show that the firewall accepts the FTP packet but SmartDefense rejects the packets...

The log details show:

Product: SmartDefense
Attack: FTP Bounce
Attack Information: Port/227 command missing a newline character

I read the following information on another forum:

The $FWDIR/lib/ftp.def file contains the following instructions:

    // If you do not want the FW-1 module to insist on a newline at the end of the
    // PORT command, change the following '1' to '0' and re-install the policy
    #define FTPPORT_NL 1

So please do the following (taken from the CP support web):

* Issue cpstop from the command line, stopping all services on Smart Center.
* Edit the $FWDIR/lib/ftp.def file and change FTPPORT_NL 1 to FTPPORT_NL 0
* Issue cpstart from the command line, starting all services.
* Reinstall the Security Policy.

I will try this myself tonight (non-business hours) and post the results.
| |||
I have my NGX R65 on a Nokia IP390. Under SmartDefense I set "FTP BOUNCE" to Monitor Only. FTP connections from one of my clients are still getting rejected by SmartDefense. It was done by SmartDefense; the attack is FTP Bounce, attack information: Port/227 command missing a newline character. How do I disable this signature?
| |||
Hi, I think the FTP bounce attack cannot be disabled. Even if you set it to Monitor Only, it will still drop. I was facing the same issue. Solutions you can try:

1. Change the FTP service to FTP-BASIC.
2. Modify the ftp.lib file. If you want, I will try to post what modification you should make in this file.
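A simplified model of the per-packet check behind the "Port/227 command missing a newline character" log entry quoted in this thread, added here as an illustration; it is not Check Point's INSPECT code and not code from any poster. The function names, the `enforce_newline` switch standing in for `FTPPORT_NL`, the two bounce rules and the sample payloads are assumptions.

```python
import re

# Host-port field "h1,h2,h3,h4,p1,p2" as defined by RFC 959.
HOSTPORT = rb"(\d{1,3}(?:,\d{1,3}){5})"
PORT_RE = re.compile(rb"^PORT[ \t]+" + HOSTPORT, re.IGNORECASE)  # client -> server
PASV_RE = re.compile(rb"^227[ -].*?" + HOSTPORT)                 # server -> client


def parse_hostport(field):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); None if any number exceeds 255."""
    nums = [int(n) for n in field.split(b",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def inspect_segment(payload, sender_ip, enforce_newline=True):
    """Verdict for one control-channel TCP segment; enforce_newline models FTPPORT_NL."""
    m = PORT_RE.match(payload) or PASV_RE.match(payload)
    if m is None:
        return ("accept", "not a PORT command or 227 reply")
    # Without the terminating newline the host-port field may be cut short,
    # so the data port computed below could be wrong.
    if enforce_newline and not payload.endswith(b"\n"):
        return ("reject", "Port/227 command missing a newline character")
    decoded = parse_hostport(m.group(1))
    if decoded is None:
        return ("reject", "malformed host-port field")
    ip, port = decoded
    if ip != sender_ip:
        return ("reject", "data address differs from sender (FTP bounce)")
    if port < 1024:
        return ("reject", "data connection to a privileged port")
    return ("accept", f"data channel {ip}:{port}")


if __name__ == "__main__":
    # Constructed payloads; addresses come from the documentation ranges.
    client = "192.0.2.10"
    samples = [
        (b"PORT 192,0,2,10,19,13\r\n", True),     # complete command
        (b"PORT 192,0,2,10,19,1", True),          # same command cut before "3\r\n"
        (b"PORT 192,0,2,10,19,1", False),         # check disabled: port is misread
        (b"PORT 198,51,100,7,31,144\r\n", True),  # third-party address
    ]
    for payload, nl in samples:
        print(payload, nl, inspect_segment(payload, client, enforce_newline=nl))
```

With the check off, the truncated segment is accepted with data port 4865 instead of 4877, which is the risk to weigh before setting `FTPPORT_NL` to 0.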