FTP Login slow

The login process FTP thru a WRT150N to remote servers is quite slow,
around 10 seconds. After that transfers go rapidly in both directions.
It was suggested that I set a "Port Triggering Range" for FTP but it did
not help. After I noticed that the delay seemed to be servers associated
with a specific ISP, I contacted them and got this reply: The delay is
due to the IDENT/AUTH request that comes from the FTP server when you
connect. It is a server-dependent setting and is fairly common and
applies to other services as well (i.e. SMTP, and even POP3/IMAP).. The
good thing is it is usually easy to set up your router to send back a
"reset" message (i.e. block the connection and send back a notice vs.
silently block) when the request comes in. That will allow the
IDENT/AUTH to happen quickly (almost instantaneous). I don't see
anything about this in the admin page.

Mike


------------------------------------------------------------------------
View this thread: http://www.wirelessforums.org/showthread.php?t=33131
http://www.wirelessforums.org

eznoh <(E-Mail Removed)> hath wroth:

>The login process FTP thru a WRT150N to remote servers is quite slow,
>around 10 seconds. After that transfers go rapidly in both directions.
>It was suggested that I set a "Port Triggering Range" for FTP but it did
>not help. After I noticed that the delay seemed to be servers associated
>with a specific ISP, I contacted them and got this reply: The delay is
>due to the IDENT/AUTH request that comes from the FTP server when you
>connect. It is a server-dependent setting and is fairly common and
>applies to other services as well (i.e. SMTP, and even POP3/IMAP).. The
>good thing is it is usually easy to set up your router to send back a
>"reset" message (i.e. block the connection and send back a notice vs.
>silently block) when the request comes in. That will allow the
>IDENT/AUTH to happen quickly (almost instantaneous). I don't see
>anything about this in the admin page.

Your ISP should not be using IDENT as most router manufactuers and
users consider it a security problem. It's really the ISP's problem
on their ftp server or router configuration. See:
<http://www.cisco.com/warp/public/110/2.pdf>
as an example. Contrary to what your ISP claims, it is NOT common to
use IDENT for ftp and other services. If you sniff the incoming
traffic, or look at the router logs, you might see the IDENT packets
being dropped at your firewall.

If the ISP won't cooperate, then install the IDENT daemon at:
<http://sourceforge.net/projects/identd/>
It works on W2K and XP. No clue about Vista. You'll also need to
redirect port 113 to your PC (I would use port triggering for this) in
the WRT150N. That should satisfy the ftp server happy.

It's also possible that IDENT is not the problem. Some ftp servers
insist on running a reverse-DNS lookup on all connections. Your ISP's
DNS server may not be doing that properly. Yours seems to be ok at:
62.82.88.76.in-addr.arpa PTR cpe-76-88-82-62.san.res.rr.com.
but I'm not sure if you're having the problem at this particular IP
address.

Out of curiousity, does your WRT150N hang or lockup?


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Jeff Liebermann <(E-Mail Removed)> hath wroth:

>If the ISP won't cooperate, then install the IDENT daemon at:
><http://sourceforge.net/projects/identd/>
>It works on W2K and XP. No clue about Vista. You'll also need to
>redirect port 113 to your PC (I would use port triggering for this) in
>the WRT150N. That should satisfy the ftp server happy.

Argh, wrong. Port triggering won't work with IDENT as there is no
outgoing traffic on which to initiate the triggering. You'll have to
use port forwarding instead.

If you run an alternative Linux based firmware in your router, you can
also setup IDENT services in the router. See:
<http://www.dd-wrt.com/wiki/index.php/WRT150N> v1 only, not v2.
<http://www.acm.org/crossroads/xrds6-1/linuxsec.html>


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558