FTP Passive Mode May Allow Denial of Service
Reported July 17, 1998 by Microsoft

VERSIONS AFFECTED

  • Internet Information Server 2.0, 3.0, 4.0

DESCRIPTION

The IIS FTP service supports passive mode (PASV), which can cause performance degradation and can lead to denial of service attacks on the FTP and WWW services. In such cases, the System Log will show errors similar to the following:

FTP Server could not create a client worker thread for user at host <some IPAddress>. The connection to this user is terminated. The data is the error.

In addition, client systems may see error messages, such as

Connection closed by remote host
  -or-
The FTP session was terminated

The problem may occur because all available system threads can be used up servicing clients, which produces the errors above until threads become available again.
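
The System Log error quoted above can be used as a detection signal. The following Python is an added example, not part of the original advisory or any Microsoft tool; it groups occurrences of that error into time-window bursts. The `timestamp|source|message` export layout, the sample lines and the name `find_bursts` are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Error text as quoted in the advisory; group 1 captures the client host.
PATTERN = re.compile(
    r"FTP Server could not create a client worker thread "
    r"for user at host (\S+?)\. The connection to this user is terminated"
)

_MSG = ("FTP Server could not create a client worker thread for user at host {}. "
        "The connection to this user is terminated. The data is the error.")

# Constructed sample export (assumed layout: timestamp|source|message).
SAMPLE_LOG = "\n".join([
    "1998-07-17 10:00:05|MSFTPSVC|" + _MSG.format("192.0.2.10"),
    "1998-07-17 10:00:07|MSFTPSVC|" + _MSG.format("198.51.100.4"),
    "1998-07-17 10:00:09|MSFTPSVC|" + _MSG.format("192.0.2.10"),
    "1998-07-17 10:00:12|OTHER|Unrelated constructed event.",
    "1998-07-17 10:00:30|MSFTPSVC|" + _MSG.format("203.0.113.77"),
    "1998-07-17 10:15:40|MSFTPSVC|" + _MSG.format("192.0.2.10"),
])

def find_bursts(text, window=timedelta(minutes=1), threshold=3):
    """Return (start, count, hosts) for each window holding >= threshold errors."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 2)
        match = PATTERN.search(parts[2]) if len(parts) == 3 else None
        if not match:
            continue  # not the worker-thread error, or a malformed line
        try:
            stamp = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp: skip rather than guess
        events.append((stamp, match.group(1)))
    events.sort()
    bursts, i = [], 0
    while i < len(events):
        start, j = events[i][0], i
        while j < len(events) and events[j][0] - start < window:
            j += 1
        if j - i >= threshold:
            # Record the burst and continue after it so events are not recounted.
            bursts.append((start, j - i, Counter(h for _, h in events[i:j])))
            i = j
        else:
            i += 1  # isolated error: below threshold, not reported
    return bursts
```

The host named in each message is the client whose connection was terminated, so a burst spread across several hosts indicates that the server's thread pool was exhausted for all clients during that window.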

SOLUTION

Load the proper hotfix -- U.S. version fixes are listed below. International users should check Microsoft's FTP directory for proper hotfix versions.

07/16/98  08:04PM  165,576  ftpfix3a.exe  IIS 2.0 & 3.0 Alpha
07/16/98  08:04PM  132,832  ftpfix3i.exe  IIS 2.0 & 3.0 Intel
07/16/98  10:00PM  666,448  ftpfix4a.exe  IIS 4.0 Alpha
07/16/98  10:00PM  455,968  ftpfix4i.exe  IIS 4.0 Intel
07/16/98  05:06PM    5,902  Q189262.TXT   Knowledge Base article
07/16/98  07:02PM    1,507  Readme.txt    Information about the files