-   Linux - Security (
-   -   Why is ProFTPD responding to active connections using Covia? (

transient 04-13-2012 02:58 PM

Why is ProFTPD responding to active connections using Covia?
Hi all-

I Googled for Covia/port 64 and didn't get any information that was either useful or that I could understand. Entirely possible my Google Fu is weak so I get it if you respond with a link you found on Google that you feel explains this.

I installed ProFTPD on my Ubuntu server. Using Wireshark I'm seeing that when my PC initiates an active FTP session to my server, the responding port (the data connection port) on the server is not port 20 as I would expect, but port 64, which belongs to some process called Covia.


Transmission Control Protocol, Src Port: ftp (21), Dst Port: 49296 (49296), Seq: 229, Ack: 73, Len: 0
Source port: covia (64)
Destination port: 49298 (49298)
Any idea why this is? I was able to find that Covia is a "Communications Integrator" but no info as to why it's the one handling the other end of my FTP connection. Not even specifically if it's something ProFTPD installs. Is anyone else running ProFTPD that has seen this? Should I be concerned?

unSpawn 04-13-2012 06:01 PM

Port name resolution is by default based on the /etc/services "database". The file contains official (IANA) and local assignments. Since these are static (as opposed to active probing) port - name pairs resolution can be off at times. IMO the easiest way to confirm it actually is FTP-ish traffic and not the Covia Communications Integrator protocol would be to have Wiresharks FTP traffic dissector display actual packet capture contents.

Jamiemco 09-12-2014 12:39 AM

Reply about Why is ProFTPD responding to active connections using Covia?
Hi Transient, I was one of the developers of the Communications Integrator (CI) back in the late 80's and early 90's. The CI was the first middleware product that allowed lu's (logical units which can be applications, and hardware endpoints) to communicate without needing to know the routing, or the protocols necessary to traverse in order to transmit a message from end to end. The end points just needed to know a simple name that was assigned to the other end point it wanted to talk with. Back in those days, there was a lot of record keeping because hardware resources were scarce due to their expense. The CI reserved port 64 back then because they didn't know that desktop computers would have thousands of ports in the near future when the internet became a reality. Back then, no one knew how PCs and protocols would end up using the internet. Anyway, those port reservations are a leftover from the past. The communications integrator evolved into what is known as TCP/IP, and the internet. Yes, there are stories about the internet being invented in Switzerland, or by the government in the USA, or some universities. One or all of the entities did create document (a computer file) access over a disparate network using what we now know as hypertext (an html anchor). Who did what first is anyone's guess. As for the port reservation, do worry about it. There is no formal CI app running these days so you can block it or ignore it. The company which I work for that made the CI was named Covia and then Covia technologies. It was an airline TPF shop, that supported United Airlines' Apollo Reservation system. We created the CI out of need. We saw how it made application development much easier and then we talked American Airlines into buying it. TPF shops also use MVS mainframes. We created an MVS version and then sold it to MCI and the phone company in sweeden, and Citicorp. As it grew we learned all we needed to do was implement interfaces for the different network protocols (SNA, APPC, APPN, HLH, and more)and then write clients for the operating systems of the machines that would use it. I moved on from those technologies a long time ago and transitioned into the pc/mac using the internet world. I invented technology almost 20 years for which I later got a patent which was allowed in 2011 (it took five years). The patent number is 7,987,168. The easiest way to explain my invention is when you use a browser and you type words separated by a space instead of a web address you see a search result web page from the browser's default search engine; e.g. definition of perspicacity, local time new York, etc... I never thought I would wind up making things that are used on every device in the world. It is humbling and a big responsibility. I'm in the process of creating the next version of the internet and how everyone will use it. Send me your email if you want me to include you in the list of people who will receive the announcement when it is ready for the public. Hope everything is working good for you. Oh yeah, get really really good at Linux. That is what intel's new processors, the i3,i5, and i7 use in the second processor they contain which has a cellular 3g transmitter. Do a search for intel ivybridge processors, or how to disable intel 3g processor on google to learn about that crazy new technology. That way, the operating system vendors can honestly say their software is not spying on you because the hardware has a second separate processor running Linux that can be powered by the electricity coming from an Ethernet cable if the power cable to the computer is unplugged. The processor receives commands via cellular signals from your local cell phone tower. The separate chip can access the hard drive and all peripherals of the machine even when it is off. So unplug the Ethernet, and the power plug when you shut down your pc and/or mac at night if it has one of those new fangled processors.

All times are GMT -5. The time now is 03:17 PM.