FTP/SSL requires outbound port 80 the first time it's used

0 votes
asked Nov 17, 2011 by andyl (140 points)
edited Nov 18, 2011

After installing the File Transfer Pack on one of our servers for testing, I attempted to run my C# application but was unable to connect to the server using FTPS on the Internet (meanwhile, the same program worked flawlessly from my workstation). When connecting to a non-secured local FTP server, I had no trouble.

After some investigation, one of our network admins discovered that a connection to port 80 was attempted for the following IPs when connecting to the external FTPS server:

8.27.243.253  
4.23.40.126  
199.93.63.126

We block port 80 outbound for our internal servers, so this failed. I had him open port 80 for this server briefly, and my application executed successfully. He then restored the original configuration (blocking port 80), and my application once again succeeded. So it appears that this is only required on the first usage of the FTPS components.

We could not find any information on these IPs and they are not associated with the FTPS server the application is connecting to. What is the purpose of the activity that we observed? It appears that we will have to open port 80 temporarily for each server we use the components on for that first usage to contact those servers.

Applies to: Rebex FTP/SSL

1 Answer

0 votes
answered Nov 18, 2011 by Lukas Pokorny (107,310 points)
edited Nov 18, 2011

No part of Rebex File Transfer Pack connects to port 80 of any site unless instructed to do so by the user of our API (or a misconfigured FTP server).

The three IP addresses listed are operated by Level3 Communications and are used by their content delivery platform by customers such as Microsoft, Facebook or big media corporations who need to serve extreme-high-traffic content to their users. For example, Microsoft utilizes Level3's servers for distributing their Windows updates through download.windowsupdate.com - try this Google search, for example. This page lists all these three IP addresses as used by video.l3.facebook.com (another high-traffic site) and this page lists tens of other high-traffic sites that also use these IPs (and also tens - if not hundreds - of other IPs for load balancing).

Windows Update Service (part of Windows) looks like the most likely source of the connection attempts you observed and the fact that this occurred while an application running Rebex FTPS was active seems to be a coincidence.

...
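One way to settle which process is behind the port 80 attempts discussed in this thread, as an added example that is not part of the original question or answer and is not Rebex code: poll the TCP table for the three addresses from the question and resolve each hit to its owning process and, for svchost.exe, the services hosted in that process. It assumes Windows Server 2012 or later, an elevated PowerShell session, and a five-minute observation window during which the first FTPS connection is reproduced.

```powershell
# Added example: attribute outbound TCP/80 attempts to the owning process.
# The watch list is the three addresses quoted in the question.
$watch = '8.27.243.253', '4.23.40.126', '199.93.63.126'
$seen  = @{}
$until = (Get-Date).AddMinutes(5)   # assumed observation window

while ((Get-Date) -lt $until) {
    # A blocked attempt stays in SynSent for a while, so frequent polling catches it.
    # Get-NetTCPConnection raises an error when nothing matches, hence SilentlyContinue.
    $conns = Get-NetTCPConnection -RemotePort 80 -ErrorAction SilentlyContinue |
        Where-Object { $watch -contains $_.RemoteAddress }

    foreach ($c in $conns) {
        # Report each (process, remote address) pair only once.
        $key = '{0}|{1}' -f $c.OwningProcess, $c.RemoteAddress
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue

        # svchost.exe hosts several services; list the ones running in this process.
        $svcs = Get-CimInstance Win32_Service -Filter "ProcessId = $($c.OwningProcess)" |
            Select-Object -ExpandProperty Name

        [pscustomobject]@{
            Time      = Get-Date -Format s
            Remote    = $c.RemoteAddress
            State     = $c.State
            ProcessId = $c.OwningProcess
            Process   = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Services  = $svcs -join ','
        }
    }
    Start-Sleep -Milliseconds 200
}
```

A row naming the C# application's process points at something running inside that process; a row naming svchost with a Windows service listed points at the operating system instead.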