How does fxp work at a network layer ?

[kara2002]

Hi all,

Was wondering how fxp'ing works at a network layer. For example I use flash fxp to connect to site A and B.

I then fxp from A to B. How is this done, without the traffic passing thru my computer ?

Also can A see where it's traffic is going to i.e. B and can B tell that's it's coming from A ? I have been told that A and B do not know about each other, therefore your userid/pass is not revealed to each A or B.

So how is this done, packet spoofing. Some special magic in the ftp server software ?

Thanks for any postings. Keep up the good work - you guys rock. Hi N.B.

 

[Strype]

Maybe these two links will help you.

hXXp://www.jtpfxp.net/
hXXp://core-knowledge.tripod.com/fxp_basics.htm

Strype

 

[kara2002]

Hi Strype,

Thx for the reply. I know how to set it up. I just wanted to know how the magic is done at a network layer.

FYI, I think couldn't get to the tripod link ?? Got a message saying it was temp. unavailable Will try later.

Anyone else got any thoughts about this.

Thx.

 

[gorguts]

I believe both Server A and Server B know your user/pass as you need to log into both of them in order to perform the server to server transfer therefore, they both also know your IP Address, obviously. Server A and Server B know about each other as they rely on TCP connections to communicate with one another therefore, IP Addresses are involved again and handshakes such as these are more than likely not spoofed. You are basically a remote control telling Server A to communicate with Server B directly and vice versa. That is why the transfer does not have to go through your system. The problem is that you could attack Server B from Server A and Server B would see the IP address of Server A as the source of the attacks. The maintainer of Server A would be the one who would be blamed not you. I am not an expert, but this is what I see if I recreate the scenario and view the packet capture dumps of the transaction.