ftp question

JuneJones

Can an exe file be uploaded by ftp if you do not have an ftp client? It is a diagnostic exe.
Could the file include a ftp client to upload itself when send is pressed without the pc owners knowledge and bypass firewall?

Are all uploads to sites by ftp? Is uploading a picture here using ftp?

Dravokivich

JuneJones wrote: »

Is uploading a picture here using ftp?

On a website it's HTTP.

What you are asking about is File Transfer Protocol. Works on a server(host)/client basis.

JuneJones

Dravokivich wrote: »

On a website it's HTTP.

What you are asking about is File Transfer Protocol. Works on a server(host)/client basis.

Ok to upload here is http? can File Transfer Protocol.work if the person does not have a client? could the exe include a client?

ED E

An exe is a program, so any exe could in theory be an FTP client.

All modern versions of windows have an FTP client(a basic one) integrated into exporer. So chances are you have one.

JuneJones

ED E wrote: »

An exe is a program, so any exe could in theory be an FTP client.

All modern versions of windows have an FTP client(a basic one) integrated into exporer. So chances are you have one.

on vista? If you were using firefox would it still use explorer to upload without the persons knowledge? Does a firewall block ftp

ED E

It seems you're skirting telling us what actually happened or what you suspect happened.

If somebody got infected, yes, they could have been an idiot, downloaded a virus from an FTP link and ran it.

JuneJones

ED E wrote: »

It seems you're skirting telling us what actually happened or what you suspect happened.

If somebody got infected, yes, they could have been an idiot, downloaded a virus from an FTP link and ran it.

seems you are skirting around reading what i wrote. i never said anything about avirus or downloading. i asked about uploading and said it was a diagnostic exe

My question if anyone knows the answer is

If you were using firefox would it still use explorer to upload without the persons knowledge? Does a firewall block ftp

Firblog

JuneJones wrote: »

Can an exe file be uploaded by ftp if you do not have an ftp client? It is a diagnostic exe.

Uploaded to where?

JuneJones wrote: »

Could the file include a ftp client to upload itself when send is pressed without the pc owners knowledge and bypass firewall?

When send is pressed?? Is this on an email client sending an email to someone else?

Could you just give an example / tell us what happened and what you suspect?

JuneJones

Firblog wrote: »

Uploaded to where?

to the server of the company that send the file

Firblog wrote: »

When send is pressed?? Is this on an email client sending an email to someone else?

Could you just give an example / tell us what happened and what you suspect?

It was a diagnostic exe sent by a company when we had trouble with a program

When the exe is run it collects information and there is a send button which either sends by email to the company or uploads to their server.

I want to know if it was sent. someone was playing about with it and pressed send. It did not trigger firewall alert and there is no ftp client in this pc unless a built in one in explorer. we use firefox.Could the exe have a built in ftp and would it upload without our knowledge?

The question is could it have been uploaded without our knowledge. I am not sure what info it gathers.

Thans

maki

If it was a executable it likely would have sent the data via TCP, but to be honest there's no way of really knowing for sure unless you break out a packet sniffer. Outgoing connections won't trigger an alert on Windows Firewall, but would on a third party firewall with outgoing rules.

There are plenty of protocols over which the data could have been sent. I don't know why you're focusing on FTP.

Khannie

JuneJones wrote: »

Ok to upload here is http? can File Transfer Protocol.work if the person does not have a client? could the exe include a client?

Your question isn't really clear. Can you spell it out a bit using "computer A" and "computer B" or "johnny" and "billy" type thing.

There needs to be a server for an upload to occur.

The server for boards is a HTTP server. When you attach a file to a post it is sent from the HTTP client (your browser) to the already running HTTP server (the boards web server).

If you want to upload a file with FTP then there needs to be an FTP server to upload it to. You can't just make one happen on a remote machine. You could, for example, email them an executable which contains an FTP client. If that executable were foolishly run, that client could connect to an external server and download (or upload) something.

JuneJones

maki wrote: »

If it was a executable it likely would have sent the data via TCP, but to be honest there's no way of really knowing for sure unless you break out a packet sniffer. Outgoing connections won't trigger an alert on Windows Firewall, but would on a third party firewall with outgoing rules.

There are plenty of protocols over which the data could have been sent. I don't know why you're focusing on FTP.

will a sniffer find evidence of something that happened before the sniffer was running?

Khannie

Can you just stop the cloak and dagger stuff and tell us what has happened?

28064212

JuneJones wrote: »

It was a diagnostic exe sent by a company when we had trouble with a program

When the exe is run it collects information and there is a send button which either sends by email to the company or uploads to their server.

I want to know if it was sent. someone was playing about with it and pressed send. It did not trigger firewall alert and there is no ftp client in this pc unless a built in one in explorer. we use firefox.Could the exe have a built in ftp and would it upload without our knowledge?

The question is could it have been uploaded without our knowledge. I am not sure what info it gathers.

The answer to the bolded question is most definitely yes. The method by which it (could) have been sent is irrelevant, whether it was ftp, http, telnet, smtp or carrier pigeon. Forget about the method. Whether it would have triggered a firewall alert is not something anyone here can answer, it would depend entirely on your configuration.

I'm not sure what you mean by "without our knowledge" though. You/someone pressed "Send" => information was sent. That's not without your knowledge, that's with your explicit approval

Khannie

JuneJones wrote: »

It was a diagnostic exe sent by a company when we had trouble with a program

When the exe is run it collects information and there is a send button which either sends by email to the company or uploads to their server.

I want to know if it was sent. someone was playing about with it and pressed send. It did not trigger firewall alert and there is no ftp client in this pc unless a built in one in explorer. we use firefox.Could the exe have a built in ftp and would it upload without our knowledge?

The question is could it have been uploaded without our knowledge. I am not sure what info it gathers.

Oh, sorry. I missed this. Yes, it could have been uploaded without your knowledge over HTTP or HTTPS for example. The last answer does cover it. If you launch an application that you don't trust, it could really send anything.

JuneJones

28064212 wrote: »

The answer to the bolded question is most definitely yes. The method by which it (could) have been sent is irrelevant, whether it was ftp, http, telnet, smtp or carrier pigeon. Forget about the method. Whether it would have triggered a firewall alert is not something anyone here can answer, it would depend entirely on your configuration.

I'm not sure what you mean by "without our knowledge" though. You/someone pressed "Send" => information was sent. That's not without your knowledge, that's with your explicit approval

Without knowing for sure. there was no alert and i have comodo firewall. it is set to block any outgoing connection if it is unknown

kstand

OK - I'm a bit confused by the questions to be honest.

First of all - who is sending who the exe? Are you connecting to an ftp server and trying to pull it down from there? Or is it being sent by email? Or what is happening?

Most email servers will block any email with a .exe attachment.
And if you were trying to access an ftp server external to your company then you would have to go through your local firewall.

JuneJones

kstand wrote: »

OK - I'm a bit confused by the questions to be honest.

First of all - who is sending who the exe? Are you connecting to an ftp server and trying to pull it down from there? Or is it being sent by email? Or what is happening?

Most email servers will block any email with a .exe attachment.
And if you were trying to access an ftp server external to your company then you would have to go through your local firewall.

ah come on guys i wrote it before -:)

1 It was a diagnostic exe sent by a company when we had trouble with a program. They sent it by email to me on my home pc

2 When the exe is run it collects information and there is a send button which either sends by email to the company or uploads to their server.

3 i am not connecting to an ftp server. someone was playing about with it and pressed send on the gui the exe opens. i want to know i the company could have put an ftp in the exe so it would upload itself when send is pressed


I cannot see why people say i am skirting around, i have put this up already

Khannie

JuneJones wrote: »

3 i am not connecting to an ftp server. someone was playing about with it and pressed send on the gui the exe opens. i want to know i the company could have put an ftp in the exe so it would upload itself when send is pressed

Without seeing the firewall settings or verifying that it works as you expect, the answer is yes, it could have sent more or less anything.

You can test yourself if it sent anything with a tool called "wireshark". It's difficult enough to use if you're not familiar with it though.

Dravokivich

kstand wrote: »

OK - I'm a bit confused by the questions to be honest.

First of all - who is sending who the exe? Are you connecting to an ftp server and trying to pull it down from there? Or is it being sent by email? Or what is happening?

Most email servers will block any email with a .exe attachment.
And if you were trying to access an ftp server external to your company then you would have to go through your local firewall.

This is why we are all saying the thread doesnt make sense.

He has a dignostic software, that after completing a job gives the user am option to submit the results by pressng a send button.

Op seems to think becuase he doesnt know whether or not it sent or by what means it was sent, it is unknown and as such undefined by his firewall software.

Op, just becuase you clearly dont understand it doesnt mean you will always have to state to your firewall what each bit of information is, where its from or where it goes. It could be using some type oc messenger client to submit the results, or populate a webform hidden from your view and just uaing the http ports youve already opened.

You will need to speak with whoever sent you the software. Or state what the name of the software or who provided it for any of us here to say what occured.

Id recomme d taking it up with whoever gave you the software.

kstand

JuneJones wrote: »

ah come on guys i wrote it before -:)

1 It was a diagnostic exe sent by a company when we had trouble with a program. They sent it by email to me on my home pc

2 When the exe is run it collects information and there is a send button which either sends by email to the company or uploads to their server.

3 i am not connecting to an ftp server. someone was playing about with it and pressed send on the gui the exe opens. i want to know i the company could have put an ftp in the exe so it would upload itself when send is pressed


I cannot see why people say i am skirting around, i have put this up already

It most likely sent it via email - check your sent items.
Your PC should have an ftp client and the app you downloaded and ran could have an ftp session coded into it but the remote ftp server would need to have a public address (it would also need a username and password but they could be hard coded into the binary). So it is possible - but if there is a firewall in between that explicitly blocks the ftp ports then this would fail.

28064212

JuneJones wrote: »

3 i am not connecting to an ftp server. someone was playing about with it and pressed send on the gui the exe opens. i want to know i the company could have put an ftp in the exe so it would upload itself when send is pressed

They wouldn't have to put an FTP client in the exe, an exe can communicate over (essentially) any port and protocol. Your firewall may or may not be configured to block the particular method from the particular program, but without a detailed knowledge of exactly what your firewall configuration is, and exactly what method the program used, there's no way to know.

JuneJones

OK thanks everyone.

JuneJones

kstand wrote: »

It most likely sent it via email - check your sent items.
Your PC should have an ftp client and the app you downloaded and ran could have an ftp session coded into it but the remote ftp server would need to have a public address (it would also need a username and password but they could be hard coded into the binary). So it is possible - but if there is a firewall in between that explicitly blocks the ftp ports then this would fail.

not in sent items

kstand

JuneJones wrote: »

not in sent items

Is there any ftp site you can try and connect to? Try that and you'll know soon enough if your FW blocks ftp.

JuneJones

kstand wrote: »

Is there any ftp site you can try and connect to? Try that and you'll know soon enough if your FW blocks ftp.

no ftp site that i know of

edit connected to ftp at ms dot com Obviously fw does not block

28064212

kstand wrote: »

Is there any ftp site you can try and connect to? Try that and you'll know soon enough if your FW blocks ftp.

Knowing whether their FW blocks FTP doesn't really help though. The program could have sent the data over http, https, smtp, telnet etc. etc.

kstand

28064212 wrote: »

Knowing whether their FW blocks FTP doesn't really help though. The program could have sent the data over http, https, smtp, telnet etc. etc.

True - but she specifically asked about ftp.

maki

kstand wrote: »

True - but she specifically asked about ftp.

I think she's under the impression that FTP is the only way to transfer files over the Internet.

JuneJones

maki wrote: »

I think she's under the impression that FTP is the only way to transfer files over the Internet.

no she is not actually

advertsfox

JuneJones wrote: »

ah come on guys i wrote it before -:)

1 It was a diagnostic exe sent by a company when we had trouble with a program. They sent it by email to me on my home pc

2 When the exe is run it collects information and there is a send button which either sends by email to the company or uploads to their server.

3 i am not connecting to an ftp server. someone was playing about with it and pressed send on the gui the exe opens. i want to know i the company could have put an ftp in the exe so it would upload itself when send is pressed


I cannot see why people say i am skirting around, i have put this up already

So its a log gathering utility that a company sent you, OK this is normal as the company I work for has the exact same type of tool (open app, scan PC for specific technical information, ZIPs it and prompts to send to us at the end which happens to be our FTP server).

Regarding 3. There doesn't have to be "an FTP" included with the software as its a protocol that Windows supports natively. You can upload a file over command prompt with a sample being like so:

C:\>ftp www.example.com
Connected to abc.def.net.
220 abc.def.net FTP server ready.
User (abc.def.net:(none)): joebloggs
331 Password required for joebloggs.
Password:
230 User joebloggs logged in.
ftp>
ftp> put myfile.pdf

http://www.techscribe.co.uk/ta/ftp.htm

So to answer your question, there would be no FTP client included with the diagnostic utility as its a part of the OS. Any firewall prompts (if any) would appear on execution of the diagnostic EXE, prior to running / scanning or uploading. You would have given permission for the app to do anything when you click Allow / Yes.

BTW, everyone here has been trying to help but your questions have not been worded great, this is why more than one poster ask for extra details. I can only answer myself from your second post I've quoted.