ECONNRESET error on connection attempts via ATT Fixed Wireless

[Mark Hunnibell]

I recently had ATT install their "Fixed Wireless" service for Internet at my house. The ATT Fixed Wireless system uses an antenna on the roof to receive signal from the ATT cellular network to deliver Internet via a wire to a new router they installed the home. It is NOT a "hotspot." Anyway, after it was installed, I found I could no longer use FileZilla to connect via secure FTP to my server (I previously never had any trouble). Fortunately, I had not yet disconnected the previous Internet connection, so I switched to that router and was able to connect as I had previously.

I called ATT Fixed Wireless for some help and, although I ended up getting disconnected before I was connected to tech support, the "receptionist" opined that the issue could be related to lack of support for "port forwarding" in their ATT Fixed Wireless service. I do not have sufficient knowledge to know if that is the issue, but mention it in case there is any relevance.

The settings that I have always used for this server are:

Protocol: FTP - File Transfer Protocol
Host: ecbiz198.inmotionhosting.co Port: (blank)
Encryption: Use explicit FTP over TLS is available
Logon: Normal

Here is the dialog text for FAILURE TO CONNECT using ATT Fixed Wireless:

---

Status: Resolving address of ecbiz198.inmotionhosting.com
Status: Connecting to 104.193.142.7:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 5 of 150 allowed.
Response: 220-Local time is now 04:49. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 30 minutes of inactivity.
Command: AUTH TLS
Response: 502 AUTH TLS OK.
Command: AUTH SSL
Error: Could not read from socket: ECONNRESET - Connection reset by peer
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of ecbiz198.inmotionhosting.com
Status: Connecting to 104.193.142.7:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 5 of 150 allowed.
Response: 220-Local time is now 04:49. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 30 minutes of inactivity.
Command: AUTH TLS
Response: 502 AUTH TLS OK.
Command: AUTH SSL
Error: Could not read from socket: ECONNRESET - Connection reset by peer
Error: Could not connect to server

---

Here is the dialog text for SUCCESSFUL CONNECTION using DSL:

---

Status: Resolving address of ecbiz198.inmotionhosting.com
Status: Connecting to 209.182.196.149:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Status: Directory listing of "/" successful

---

I tried the two other "secure" protocols available in FileZilla (using the ATT Fixed Wireless network) and the result was the same unsuccessful connection attempt. Then I tried the standard unencrypted FTP over Port 21 and that worked fine (e.g. the ATT Fixed Wireless successfully connected me to my server using vanilla FTP, but would not work with any secure method).

I did not try SFTP because I have never been successful in getting that set up on the server or client side.

It is hard to believe this is not something I can resolve with a tweak to an existing setting (which I do not know about), but if not, it seems to me that is is going to prevent me from using FileZilla and I certainly hope that is not the outcome, because the ATT Fixed Wireless connection is 20 times faster than my now-disconnected DSL.

[Tim Kosse]

There is a malicious component sitting somewhere between the client and the server that is actively sabotaging the connection.

As it only happens with that particular ISP, it means that it is this ISP itself that is operating this malicious component.

[Mark Hunnibell]

Ummm... no. I don't think it has anything to do with malicious anything.

1. I works just fine with the old DSL connection and
2. I just checked to see how it worked with my iPad as a hotspot over a different cellular network (Verizon).

Unfortunately, I do not have another hosting company that I can test connection with. Are there any "open" servers I can try to log in with the same settings?

I think it is something unique to the configuration of the new router installed by AT&T for their Fixed Wireless system. I fiddled with opening ports on its firewall a bit yesterday, with no success.

Thanks.

[Tim Kosse]

So you tried different ISPs and it works, which confirms my earlier assessment that this particular ISP where it doesn't work is operating a malicious component.

[Mark Hunnibell]

NO. I am trying to be as clear as possible but am apparently missing the mark.

I tried a different site that offers FTP access for testing clients.

I was NOT able to connect to that test site using FileZilla using "explicit FTP over TLS if available." Same error.

This problem is repeatable with ALL FileZilla connection attempts over AT&T Fixed Wireless to ANY FTP server using "explicit FTP over TLS if available." As I said, I think it is something related to the new router and closed ports or something.

I HAVE been able to fiddle around and connect to this site by SFTP using AT&T Fixed Wireless (using the instructions on inmotionhosting.com) but am having to enter a password every time (I cannot seem to save the key password).

Please stop closing this report with baseless claims in conflict with the actual record.

[Tim Kosse]

Yes, it fails because that one of your ISPs is operating a malicious component that is actively sabotaging FTP over TLS.

Replace this faulty ISP and it will work. Simple as that.

[Mark Hunnibell]

This is very strange. An unnamed person keeps closing this issue and claims, with ZERO evidence and specificity, that there is some unspecified malicious software running on the network of AT&T. That seems highly unlikely, particularly when you have produced ZERO evidence supporting your claim. From the outset, I explained that AT&T said that their ATT Fixed Wireless service inhibits "port forwarding" in some way. I cannot understand how this could be the cause of the issue, but it seems FAR more likely to be the issue than some claim that AT&T is somehow infected with (or... worse... has installed and is operating) malicious code on their network. That is a rather scandalous and irresponsible accusation to level with ZERO proof and ZERO detail supporting it.

I reported the bug so that OTHER users of FileZilla might become aware of the issue, even if there are bug deniers claiming unspecified malicious code at play, that
(1) a problem DOES exist using ATT Fixed Wireless and FileZilla with FTP using explicit FTP over TLS is available and what the symptom is and
(2) I have been able to use SFTP to connect to the same servers, so that seems like the workaround if your hosting company provides for SFTP/SSH access.

Beyond that, it seems that FileZilla developers know more than everyone else, think that AT&T is operating malicious software, and their advice is to stop using AT&T.

Awesome!

[Tim Kosse]

Run a packet sniffer on both the client machine and the server machine and compare the data. You will see that something in the middle has changed the data. In particular, note how the reply to the AUTH command has been sabotaged. This changing of the data is done with the intent to stop FTP over TLS from working.