http response codes

When analyzing network traces, sessions, or logs, you’ll see the following codes used within HTTP transactions. Knowing what they mean can be very helpful in figuring out what is happening. When you get a call that the intarweb is broken, ask them to tell you the little number that is on the web page…then wow them with your knowledge.

code meaning
100 Continue
101 Switching protocols
200 OK
201 Created
202 Accepted
203 Non-authoritative information
204 No content
205 Reset content
206 Partial content
300 Multiple choices
301 Moved permanently
302 Moved temporarily
303 See other
304 Not modified
305 Use proxy
400 Bad request
401.1 Unauthorized: login failed
401.2 Unauthorized: login failed due to server misconfiguration
401.3 Unauthorized: unauthorized due to ACL on resource
401.4 Unauthorized: authorization failed by filter
401.5 Unauthorized: authorization failed by ISAPI/CGI app
402 Payment required
403.1 Forbidden: execute access forbidden
403.2 Forbidden: read access forbidden
403.3 Forbidden: write access forbidden
403.4 Forbidden: SSL required
403.5 Forbidden: SSL 128 required
403.6 Forbidden: IP address rejected
403.7 Forbidden: client certificate required
403.8 Forbidden: site access denied
403.9 Access forbidden: too many users are connected
403.10 Access forbidden: invalid configuration
403.11 Access forbidden: password change
403.12 Access forbidden: mapper denied access
403.13 Client certificate revoked
403.14 Directory listing denied
403.15 Client Access Licenses exceeded
403.16 Client certificate untrusted or invalid
403.17 Client certificate has expired or is not yet valid
404 Requested resource not found
404.1 Web site not found
405 Method not allowed
406 Not acceptable
407 Proxy authentication required
408 Request time-out
409 Conflict
410 Gone
411 Length Required
412 Precondition failed
413 Request entity too large
414 Request URL too large
415 Unsupported media type
416 Requested Range Not Satisfiable
417 Expectation Failed
500 Server error
500.12 Application restarting
500.13 Server too busy
500.15 Requests for Global.asa not allowed
500-100 ASP error
501 Not implemented
502 Bad gateway
503 Out of resources
504 Gateway time-out
505 HTTP version not supported
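Most of the time you meet these codes in bulk, in a log, rather than one at a time on an error page. The dotted codes in the table (401.1, 403.14, 500.12 and so on) are IIS sub-status codes: IIS logs them as a separate sc-substatus column, so you have to glue the two columns back together before the table above applies. The script below is an added example, not part of the original page; it parses a constructed IIS W3C log (the #Fields line names the columns), rebuilds the dotted code, and points out clients whose requests were mostly errors, which is the first thing worth looking at when the call comes in.

```python
"""Summarise IIS W3C access-log lines by HTTP status and IIS sub-status.

The log lines and the client addresses below are constructed for this example.
"""
from collections import Counter, defaultdict

# Meanings for the codes that matter most when triaging; dotted keys are the
# IIS-specific sub-status form, bare keys the plain HTTP status.
STATUS_TEXT = {
    "200": "OK", "304": "Not modified",
    "401": "Unauthorized", "401.1": "Unauthorized: login failed",
    "403": "Forbidden", "403.4": "Forbidden: SSL required",
    "403.14": "Directory listing denied",
    "404": "Requested resource not found",
    "500": "Server error", "500.12": "Application restarting",
    "503": "Out of resources",
}

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-substatus
2024-01-01 10:00:00 10.1.1.24 GET /index.html 200 0
2024-01-01 10:00:01 10.1.1.24 GET /about.html 200 0
2024-01-01 10:00:01 10.1.1.24 GET /style.css 200 0
2024-01-01 10:00:02 10.1.1.24 GET /images/ 403 14
2024-01-01 10:00:03 192.0.2.7 POST /login 401 1
2024-01-01 10:00:04 192.0.2.7 POST /login 401 1
2024-01-01 10:00:05 192.0.2.7 POST /login 401 1
2024-01-01 10:00:06 192.0.2.7 GET /backup.zip 404 0
2024-01-01 10:00:07 192.0.2.7 GET /old/ 404 0
2024-01-01 10:00:08 10.1.1.24 GET /app/ 500 12
"""


def parse_w3c(text):
    """Yield one dict per record, using the #Fields directive for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("log record appears before a #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip a malformed line rather than abort the whole triage
        yield dict(zip(fields, values))


def full_code(rec):
    """Combine sc-status and sc-substatus into the dotted form IIS displays (403.14)."""
    status = rec["sc-status"]
    sub = rec.get("sc-substatus", "0")
    return status if sub == "0" else f"{status}.{sub}"


def describe(code):
    """Look the dotted code up first, then fall back to the bare status."""
    return STATUS_TEXT.get(code) or STATUS_TEXT.get(code.split(".")[0], "unknown")


def summarise(text, error_threshold=0.5):
    """Per-client counts of each code, plus clients whose requests were mostly 4xx/5xx."""
    per_client = defaultdict(Counter)
    for rec in parse_w3c(text):
        per_client[rec["c-ip"]][full_code(rec)] += 1
    noisy = {}
    for ip, counts in per_client.items():
        total = sum(counts.values())
        errors = sum(n for code, n in counts.items() if code[0] in "45")
        if total and errors / total >= error_threshold:
            noisy[ip] = errors / total
    return dict(per_client), noisy


if __name__ == "__main__":
    per_client, noisy = summarise(SAMPLE_LOG)
    for ip, counts in per_client.items():
        for code, n in sorted(counts.items()):
            print(f"{ip:12} {code:7} x{n:<3} {describe(code)}")
    for ip, ratio in noisy.items():
        print(f"review {ip}: {ratio:.0%} of its requests were errors")
```

With the constructed log, 192.0.2.7 is flagged (three 401.1 login failures and two 404s, no successes) while 10.1.1.24 is not, even though it hit a 403.14 and a 500.12 along the way; the threshold is a knob, and the dotted codes tell you whether the failures are auth, ACL or application-side before you open a single packet capture.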


ftp response codes

When analyzing network traces, sessions, or logs, you’ll see the following codes used within FTP transactions. Knowing what they mean can be very helpful in figuring out what is happening.

code meaning
110 Restart marker reply
120 Service ready in (n) minutes
125 Data connection already open, transfer starting
150 File status okay, about to open data connection
200 Command okay
202 Command not implemented
211 System status, or system help reply
212 Directory status
213 File status
214 Help message
215 NAME system type
220 Service ready for new user
221 Service closing control connection
225 Data connection open, no transfer in progress
226 Closing data connection. Requested file action successful
227 Entering Passive Mode
230 User logged in, proceed
250 Requested file action okay, completed
257 PATHNAME created
331 Username okay, need password
332 Need account for login
350 Requested file action pending further information
421 Service not available, closing control connection
425 Can’t open data connection
426 Connection closed, transfer aborted
450 Requested file action not taken. File unavailable (e.g., file busy)
451 Requested action aborted, local error in processing
452 Requested action not taken. Insufficient storage space in system
500 Syntax error, command unrecognized
501 Syntax error in parameters or arguments
502 Command not implemented
503 Bad sequence of commands
504 Command not implemented for that parameter
530 User not logged in
532 Need account for storing files
550 Requested action not taken. File unavailable-or-I/O Error: Socket Closed
552 Requested file action aborted, storage allocation exceeded
553 Requested action not taken. Illegal file name
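FTP reply codes are not arbitrary numbers: RFC 959 gives the first digit a fixed meaning (1 preliminary, 2 completion, 3 intermediate, 4 transient failure, 5 permanent failure) and the second digit a category (0 syntax, 1 information, 2 connections, 3 authentication, 5 file system), so even a code missing from the table above can be classified. Servers may also send multi-line replies, which start with "xyz-" and end with a line beginning "xyz " (same code, space instead of hyphen), and a naive line-by-line reader gets those wrong. The code below is an added example, not from the original page: it walks a constructed control-channel transcript, groups the server's lines into replies, and lists the failures with their RFC 959 classification.

```python
"""Classify FTP control-channel replies using the RFC 959 reply-code structure.

The transcript below is constructed for this example (S: server, C: client).
"""
import re

FIRST_DIGIT = {
    "1": "positive preliminary", "2": "positive completion",
    "3": "positive intermediate", "4": "transient negative",
    "5": "permanent negative",
}
SECOND_DIGIT = {
    "0": "syntax", "1": "information", "2": "connections",
    "3": "authentication/accounting", "4": "unspecified", "5": "file system",
}

# A reply line: three digits, then a space (final line) or a hyphen (more to come).
REPLY_START = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_replies(lines):
    """Group server lines into (code, text) replies, honouring multi-line replies."""
    replies, open_code, buf = [], None, []
    for line in lines:
        m = REPLY_START.match(line)
        if open_code is None:
            if not m:
                raise ValueError(f"expected a reply code, got {line!r}")
            code, sep, text = m.groups()
            if sep == "-":
                open_code, buf = code, [text]      # multi-line reply begins
            else:
                replies.append((code, text))
        else:
            # Inside a multi-line reply: only "<same code> " terminates it;
            # anything else is continuation text (RFC 959 says to pad it).
            if m and m.group(1) == open_code and m.group(2) == " ":
                buf.append(m.group(3))
                replies.append((open_code, "\n".join(buf)))
                open_code, buf = None, []
            else:
                buf.append(line)
    if open_code is not None:
        raise ValueError(f"unterminated multi-line reply {open_code}")
    return replies


def classify(code):
    """Human-readable RFC 959 category for a three-digit reply code."""
    return f"{FIRST_DIGIT[code[0]]} / {SECOND_DIGIT[code[1]]}"


SESSION = """\
S: 220-Welcome to the constructed FTP server
S:  no anonymous access
S: 220 Service ready for new user
C: USER alice
S: 331 Username okay, need password
C: PASS ********
S: 530 User not logged in
C: USER alice
S: 331 Username okay, need password
C: PASS ********
S: 230 User logged in, proceed
C: PORT 10,1,1,24,16,2
S: 200 Command okay
C: RETR report.csv
S: 425 Can't open data connection
"""


def analyse(transcript):
    """Return all server replies and the 4xx/5xx ones with their classification."""
    server_lines = [l[3:] for l in transcript.splitlines() if l.startswith("S: ")]
    replies = parse_replies(server_lines)
    failures = [(code, classify(code), text.splitlines()[0])
                for code, text in replies if code[0] in "45"]
    return replies, failures


if __name__ == "__main__":
    replies, failures = analyse(SESSION)
    for code, category, text in failures:
        print(f"{code} ({category}): {text}")
```

On the constructed session this reports "530 (permanent negative / authentication/accounting)" for the bad password and "425 (transient negative / connections)" for the data connection the server could not open, which is the symptom the next article is about. The three-line 220 banner is kept as one reply rather than being miscounted as three.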

im in ur datastreams, fixup’in’ ur protokols

So the other day, I found myself involved in two different attempts to fix the same problem, which had apparently been an issue for over a year for these guys. They both wanted to use FTP to move files from a host on one segment to an FTP server on another segment. Sounds simple, right? Well, if it were, I wouldn’t be writing this article, would I?


Situation:
-Two hosts need to communicate with one another using FTP
-across a firewall
-NAT is in place
-the FTP server is using the non-standard port 1959

First, a review of FTP is in order. The current RFC for FTP is 959. Note that FTP embeds network addressing within the Application layer of the protocol each time a PORT command (amongst others) is issued. The client embeds its IP address and a port number in the command, like so.

PORT 010,001,001,024,016,002

Note that the address is represented as padded, comma separated octets (the last two fields are the port, high byte then low byte). The FTP server uses that information to open a connection back to the client for the data transfer. In this instance, the FTP client is on one network segment, the FTP server is on another, and there is a firewall between them. In the stream, the client’s network traffic is translated by the firewall so that it appears to be at the desired address, even though it is located on another network. This is transparent to both hosts, and to the user. Unfortunately, the FTP server cannot reach the FTP client at the real ip.addr (10.1.1.24) carried in the PORT command, because the NAT represents the FTP client as having ip.addr 10.3.1.24.

While Network Address Translation is frequently used, there are limitations to what it can do. The normal NAT process can only alter ip.addrs at the Network layer, and port numbers at the Transport layer. For many protocols, this is sufficient to permit the use of NAT, and to do so in a way that is transparent to the user, the hosts, and the application protocol(s) in use. There are however certain protocols that embed the ip.addr and/or port within the Application layer, as FTP does in its port commands. NAT does not inspect the Application layer, so when the destination host receives traffic with one set of addressing at the Network and/or Transport layer, and another set of addressing at the Application layer, problems will occur. This will break RPC traffic completely. For other traffic, there is the fixup command.

PIX firewalls have a feature called fixup which is enabled by default for many protocols on default (IANA assigned) ports. In the firewall configuration, this command is present.

fixup protocol ftp 21

Fixup does several things, but in this case we are most interested in its ability to basically perform NAT functions at the Application layer. Fixup can substitute the NAT address for the real one in the PORT commands transparently, neatly fixing the problem. Of course, if the FTP service had been bound to the default port, this would not have been a problem to begin with. The necessary action on the firewall is to add this command.

fixup protocol ftp 1959

Problem solved.
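To make the PORT mechanics concrete, here is an added example (not from the original article, and not the PIX’s own code) that parses the PORT command quoted above, rewrites it the way fixup does by substituting the translated address for the real one, and performs the consistency check a server can do on its side: compare the address inside the PORT command with the source address of the control connection. The real and translated addresses are the ones from the write-up; the idea that fixup leaves the port untouched is a simplification for this example.

```python
"""Parse FTP PORT commands and show what a NAT fixup has to rewrite.

Addresses are taken from the write-up (10.1.1.24 real, 10.3.1.24 translated);
treating the port as unchanged by NAT is a simplification for this example.
"""
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 : four address octets, then the port as high,low byte.
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
    re.IGNORECASE,
)


def parse_port(cmd):
    """Return (IPv4Address, port) from a PORT command; fields may be zero-padded."""
    m = PORT_RE.match(cmd.strip())
    if not m:
        raise ValueError(f"not a PORT command: {cmd!r}")
    nums = [int(x) for x in m.groups()]           # int("024") == 24
    if any(n > 255 for n in nums):
        raise ValueError("every PORT field must be in 0..255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]
    return ip, port


def format_port(ip, port):
    """Build a PORT command for ip/port using plain (unpadded) decimal fields."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    octets = str(ip).split(".")
    return f"PORT {','.join(octets)},{port // 256},{port % 256}"


def fixup_port(cmd, real_ip, nat_ip):
    """Mimic the firewall's Application-layer fixup: if the PORT command names
    the real inside address, substitute the translated one and re-encode."""
    ip, port = parse_port(cmd)
    if ip == ipaddress.IPv4Address(real_ip):
        return format_port(ipaddress.IPv4Address(nat_ip), port)
    return cmd


def port_matches_peer(cmd, peer_ip):
    """Server-side check: does the Application-layer address agree with the
    Network-layer source of the control connection? A mismatch is exactly the
    NAT-without-fixup symptom described in the article."""
    ip, _ = parse_port(cmd)
    return ip == ipaddress.IPv4Address(peer_ip)


if __name__ == "__main__":
    cmd = "PORT 010,001,001,024,016,002"
    ip, port = parse_port(cmd)
    print(f"client says connect back to {ip}:{port}")
    fixed = fixup_port(cmd, real_ip="10.1.1.24", nat_ip="10.3.1.24")
    print(f"after fixup: {fixed}")
    # peer as the server sees it at the Network layer: the translated address
    print("consistent before fixup:", port_matches_peer(cmd, "10.3.1.24"))
    print("consistent after fixup: ", port_matches_peer(fixed, "10.3.1.24"))
```

Running it shows the quoted command decoding to 10.1.1.24 port 4098 (16 × 256 + 2), the fixed-up command becoming `PORT 10,3,1,24,16,2`, and the peer check failing before the rewrite and passing after it. That last function is a cheap thing to log on an FTP server: every mismatch it records is either a NAT that nobody told the firewall about, or a client that is not who the control connection says it is.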

Summary:

  1. Whenever possible, stick with default ports.
  2. When using NAT, evaluate the protocols in use for whether or not they play nicely with NAT.
  3. Use the fixup protocol command to inspect the Application layer and make relevant corrections.
  4. Remember that not all protocols can be fixed up!

here endeth the lesson 😉