Security Log File

AudioGalaxy/FTP problems - March 15, 2002 CIS has received several reports from clients who are experiencing problems with using AudioGalaxy. This statement explains the situation. A planned network security upgrade documented at http://www.unh.edu/cis/notices/security_updates.html corrected a security problem associated with incorrect implementations of FTP services. AudioGalaxy uses FTP as its transfer mechanism. However, it fails to comply with standard FTP practices and for that reason it does not successfully negotiate its way past the upgraded UNH Internet security systems.

This is the same issue that caused the problem with QVT-FTP as documented at the above URL. These programs fail to comply with recommended best practices, and therefore are not compatible with the UNH’s security architecture. Recent upgrades to that architecture prevented these applications from establishing connections, as these upgrades prevent certain historic FTP exploits. Any program that fails to implement the standard FTP protocol can create network traffic that appears to be very similar to these exploits.

The upgrades, while necessary, were delayed as long as possible to enable the UNH user community to migrate to an alternative FTP program. However, recent malicious activities that threatened the UNH network required that the upgrade be completed and finalized. While AudioGalaxy was not specifically targeted when these upgrades were implemented, services for this product cannot be restored as long as the product has the problematic implementation of FTP.