Azazash

Secure File Transfer on Port 80

8 posts in this topic

Hi,

I have been writing an app that will take files from a local folder and upload them to an FTP server using FTPS (using WinSCP).

This works great at my office, but when used at a client site I run into the problem that port 990 is blocked. I haven't yet determined which other ports are blocked, but I am fairly sure that it will be all but the most common (80, 443 etc).

Does anyone know a way that I can send files to a remote server, but via port 80?

The only thing I can think of is some form of VPN connection to the server, but can I force that through port 80?

Is there a UDF that I can use that might help point me in the right direction?

I don't want anyone to write me any code (unless you want to) but just to give me some advice on the best course of action.

Many thanks




use FTP functions apply on port 80?


Port usage is arbitrary, meaning that http on port 80 is by convention only (so your web browser can expect an answer from a query sent to that port).

If you are using an out-of-the-box FTP server, most of them will allow you to set it to listen on any port you want.

So, just try it on port 80, should work.

--97T--


#4 ·  Posted (edited)

Hi thanks for the responses...

I've tried using a variety of ports on the server, but none seem to connect.

For a bit more info:

I'm trying to connect from a very locked down network, through a gateway to a SBS 2003 server using FTPS (default port 990). The SBS machine has FileZilla Server running on it which is configured to listen to port 990 for FTP SSL/TLS connections.

I can configure the server to listen to any port, including 80 or 443, and it does not report a problem. If I attempt to connect from any machine, using any port other than 990 when using FTPS, the connection times out.

I'm beginning to think that this just isn't possible to do in the way I need it.

If it's not, does anyone know of a way that I can create an SSH tunnel that uses port 80, which I can then transfer data through, using AutoIt or any other command line based application?

many thanks

EDIT** The reason I'm posting this seemingly not AutoIt related question on here is even though I am trying to script it using AutoIt, I actually value the opinions of most of the posters on this forum than other forums.

Edited by Azazash


I'm trying to connect from a very locked down network, through a gateway to a SBS 2003 server using FTPS (default port 990). The SBS machine has FileZilla Server running on it which is configured to listen to port 990 for FTP SSL/TLS connections.

Maybe the admin has locked the protocols to map to certain ports only. See 'deep packet inspection' in your favorite search engine.

There must be a very good reason for somebody to have taken the time, resources, and money to make this difficult for you.

Having a talk with the system admin may be the wisest thing, especially if you are running in a secure network and what you are trying to do may have unintended security consequences such as national security, job security, school security, etc...


I agree with Confuzzled.

Still, you can use GoToMyPC to get through the firewall if you have to. Just blow a hole through to your home computer, then run whatever you want from there and transfer the files through the encrypted channel. You can probably do it for free with a whole lot more work.

(Sometimes, lazy or stupid admins protect their networks with something like a Barracuda box and never learn how to administer it (or just refuse to). And a lot of times, the result is .... well, you know.)


gotomypc, logmein, etc. are not guaranteed to work in any seriously locked down environment. If you look at their terms of service, they're not guaranteed to do anything, ever ;)

Upshot is, if you think you need to do something that someone has blocked, you need to deal w/ the individuals responsible for the blocking, and get it dealt with. Likely, bypassing network security is a 'bad thing' that can get you fired.

Speaking as a 30 year network guy, someone tries to screw w/ my networks or bypass the security restrictions placed by their management, and signed on in their hiring documentation, they get fired. If you're just trying to do your job, and IT is making it hard on you, kick it up the food chain, and let your boss explain what you need to do and why. Failure to do so will create one of two situations, an embarrassed IT department covering its butt for how you 'beat' them, or you explaining when you're finally caught why your project was willing to bypass established company procedures approved by your legal department to achieve whatever short-sighted / limited objectives you or your immediate superiors are trying to accomplish, putting the entire company at risk for potential criminal / civil litigation.

Either way ends up w/ you or your bosses looking bad, or with IT looking bad. Having guys with the ability and motivation to track everything you do interested in your failure is not a good career move.


Reading the help file before you post... Not only will it make you look smarter, it will make you smarter.


@flyingboz,

Good points all. Especially in a larger organization. Plus, any decent network admin is going to see the encrypted traffic and stop it pronto, then come visit you if you use it for very long.

I should have clarified ... there are times when the owner of the place finds it easier to let key people use software like that than to pay someone to admin the network. Like, where I work now. He's more comfortable with someone using a paid-for software to get things done while everyone else is still blocked. And he isn't going to pay for a network admin (until something really bad happens). The company isn't big enough to support someone full-time. He overpaid for the 'mystery box', overpaid to have it installed, overpays for outside help whenever the 'IT' guy can't figure out how to get someone an IP address. So, key people do that with permission. I know it's not wise, but I can't educate everybody, and I have other jobs to do myself.

Last place I worked, I was the network admin (and I kept watch for stuff like that). If it's a workplace setting, everyone needs to keep in mind that the owner owns the machines, the wires, and any data that flows across, plus he owns the time you are charging him for while trying to bypass his security. I don't advocate violating workplace policy. Anybody that does can be fired immediately because of liability it raises for the company.

I guess it all needed to be said, just in case. Thanks.
