
It's a weblog! ... sort of.

Friday, April 26 2024

FXP and the FTP underground

Hackers

A while back, a reference to an FTP mp3/warez kiddies tutorial was posted to one of the security mailing lists I subscribe to. Although the author of the post was lamenting the fact that this information existed, I was really struck by the cleverness of the idea of the "FXP Protocol."

To understand FXP and why it was created, it helps to understand the underground FTP community.

If you've ever run an FTP site (I have), you'll know that sites are constantly being scanned by warez kiddies looking for "pubs", aka FTP sites that allow anonymous uploads, which they use for storing mp3s, pirate software, and whatever else they happen to have (and they generally have a lot). From my own experience, the vast majority of these users are trading in mp3s, and most of them are accessing the network from European ISPs, usually wanadoo.fr (France) or t-dialin.net (Germany), and usually using dial-up connections (common in Europe since broadband is so expensive there). So, what you have is a bunch of kids wanting to store and move large amounts of data through a low-speed connection.

FXP, aka "File eXchange Protocol", isn't a real protocol -- it is a hack of passive FTP. The hack essentially convinces both the sending and receiving server that they're talking to a normal FTP client, when in fact they're sending to each other. The trick relies on the fact that the FTP control and FTP data connections are separate. The "FXP" client tells the receiving site to wait for an FTP upload, and initiates a download from the sending site, but redirects the sender to the receiving site. This won't work with all sites, but it does work with enough that a number of FXP clients have been written. Thus, the FXP client lets someone on a low-bandwidth connection move big files around without moving them through the slow link.
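For a site operator, the redirect described above is visible on the control connection: the data address given in a PORT command (RFC 959 format `h1,h2,h3,h4,p1,p2`) is not the address of the client that sent it. The following check is an added example, not part of the original post; the `(control_peer_ip, command_line)` event format and the sample addresses are constructed for illustration.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (IPv4 octets, then port high/low byte)
PORT_RE = re.compile(r"^PORT\s+" + r",".join([r"(\d{1,3})"] * 6) + r"\s*$", re.I)

def parse_port(command):
    """Return (ip, port) from an FTP PORT command, or None if it is not one or is malformed."""
    m = PORT_RE.match(command.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def foreign_port_commands(events):
    """events: iterable of (control_peer_ip, command_line) pairs (assumed log format).
    Returns (peer, target_ip, target_port) for each PORT whose data target
    is a host other than the one holding the control connection."""
    hits = []
    for peer, cmd in events:
        parsed = parse_port(cmd)
        if parsed and parsed[0] != peer:
            hits.append((peer, parsed[0], parsed[1]))
    return hits

# Constructed sample events (documentation address ranges, not real hosts)
SAMPLE = [
    ("192.0.2.10", "USER anonymous"),
    ("192.0.2.10", "PORT 192,0,2,10,19,137"),     # own address, port 5001: normal
    ("198.51.100.7", "PORT 203,0,113,5,195,80"),  # third-party address, port 50000
    ("198.51.100.7", "STOR upload.bin"),
    ("198.51.100.7", "PORT 1,2,3"),               # malformed, ignored
]

if __name__ == "__main__":
    for peer, ip, port in foreign_port_commands(SAMPLE):
        print(f"control peer {peer} asked for data connection to {ip}:{port}")
```

Clients behind NAT often send a private address in PORT, so a mismatch is a lead to review rather than proof. Servers can refuse the mismatch outright, for example by leaving vsftpd's `port_promiscuous` and `pasv_promiscuous` at `NO` or ProFTPD's `AllowForeignAddress` at `off`.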

In many ways, this is like the AOL hack where warez traders would first e-mail their file collection to their own account (usually one of AOL's 30-day free trial accounts with a bogus credit card #). This way, when they wanted to trade with other AOL users, all they had to do was forward the mail. Forwarding mail happened on AOL servers, so it took very little time to move the files around once they had been uploaded.

I'm always impressed by the ingenuity of hackers.

posted by Loki on Mon, 17 Dec 2001 13:35:14 -0600