Home

Main
FSP Servers
FSP Software
FSP Downloads

FSP project
FSP Team
Testers needed
Open tasks
Wizards vs CSH

Mailing lists
Bug Tracker

FSP Documents
Purpose
History
Articles
Today
Future
INFO
FAQ Old | New
FSP Protocol
Quotes

FSP suite
Browse Code
Copyright
Changelog
TODO
Open Hub page

Java library
Browse Code
API
READ.ME
Changelog
Open Hub Page

FSP C library
Browse Code
README
NEWS
Changes
TODO
Open Hub page

FSP proxy
Browse Code
READ.ME
Changelog

PyFSP
Browse Code

FSP entry in
GNU dir
Wikipedia

My projects
FSP Client
Download Machine
Smart Cache
SC Loader
Old programs

SF Logo

Quotes about FSP

'FSP' refers to 'file service protocol.' It is used to facilitate a large volume of file activity without causing the system to "crash." Approximately 180 computers contacted the BBS over a single 16-hour period of time it was in operation, downloading hundreds of computer software files containing copyrighted commercial programs during that same period.

Jeanne Kempthorne Assistant United States Attorney -- November 24, 1993, at Cambridge

The leading cause of the sudden rise of piracy on Soda, it was agreed, is the use of FSP. FSP itself does not cause users to illegally copy software, but it does make its distribution easier. Getting rid of the FSP client on Soda would not solve the problem, nor would banning its use -- there are legitimate sites offering FSP support. Instead of squelching the means of illegal copying and in the process turning off a useful service, ways to catch users pirating software were talked about instead.

Two possible probable causes were discussed. Dave thought we should not search an account until we check the FSP site that the user connected to for pirated software. Matt thought massive amounts of disk space warranted a search.

Because too many people considered being a Disk H0zer as a somewhat arbitrary and unfair reason, it was decided for now not to search an account with root unless the user connected (and made transfers) from an FSP site containing pirated software. The burden is on us to find out if a site has pirated software.

-- Minutes of the Politburo meeting 02/22/93 7:20pm

The id ftp site is: ftp.idsoftware.com.
The id fsp site is: fsp.idsoftware.com, port 21.

**The ftp site is having problems. We are aware of this.
**Should be fixed soon.

(they're both the same, but we prefer you use fsp, if you can)

-- id software finger file

FSP is a file transfer protocol similar to FTP which uses UDP to transport files. FSP is widely used by attackers to move files from host to host. It is also used widely by software pirates to allow easy access to caches of illicit software.

'FSP' is a protocol used to transfer files between machines on the Internet. FSP was designed to impact the serving computer less than a traditional FTP server. It never grew to common usage at the Internet archives. It is primarily used by hackers and software pirates because its use is less easily detected. The presence of an FSP server on a machine is usually evidence of a break-in or misappropriation of computing resources.

CyberCopASaP Vulnerability Guide -- Feb 2000

FSP is an alternative to FTP that transfers files using UDP. The majority of FSP activity is illegitimate, but there may occasionally be legitimate uses.

-- K beta

FSP is a File Service Protocol based on UDP, for anonymous transfers. It is very unsafe and is normally deprecated on modern Internet-based systems.

Summary: An unsafe file transfer protocol is enabled and must be disabled.

-- VIGILANTe.com

FSP was an anonymous-FTP replacement popular during the mid-1990s. By using UDP for the underlying transport rather than TCP, a FSP server could scale to many more clients than an FTP server.

In addition, FSP includes traffic-shaping features, and forbade clients from downloading files too fast. By forcing everyone to download files somewhat slowly, it could support many more simultaneous clients.

iss.net --

I've never used FSP in many years of connectivity. At the university I attend it is banned by all departments, because a few years back most FSP sites were warez sites.

Hamish Moffatt -- Debian bug report

well, Fsp is a protocol that allows you to get files form other sites. The big diffrence is that you never really log into those sites. you are there, but you ain't. (Alos the >=1kps transfer rates a way slow compared to the 6,7 + kps i get on FTP)

wincroft -- Jul 1994

there are few legal fsp sites for many reasons... a) the only advantages of fsp are that it is slightly harder to track that ftp and b) that it creates less load for the server... otoh, it is limited to very,very slow dtr.. (something like 1kps if i remember correctly...)
so it's only really useful for 3l33t \/\/aR3Z d00dZ (hahahaha) and kiddie porn sickos...

gpf_no_2 -- Jul 1994

FSP is ok to use... you can get a program that will make it easier by making it look more like ftp (saves you from using the different fprograms). But I can get anything I want through ftp for starters; I don't transfer wares (not on the Internet, that's for sure), and the moment I feel I need to see porn so bad I can't buy a magazine, I'll start readsing alt.binaries.pictures.erotica - so I guess I just keep fsp around for the sakes of logging what everyone is using it for.

hbeast -- Oct 1993

File Service Protocol (FSP) is a file transfer protocol developed for circumventing FTP restrictions. Ordinary users can't set up FTP servers, but they can set up FSP servers, and FSP transfers will go through when FTP transfers have been blocked.

FSP does have some actual advantages over FTP - being designed for stealth makes it a very sparing user of resources - but there are almost no legitimate FSP users, and its history makes it unlikely there will be many.

-- Networking and Firewalls

Terms

Lamer, lamah, idiot - You.
FTP - TCP/IP protocol for transferring files FAST
FSP - socket protocol for transferring files 'covertly' also slowly.
DCC - About as safe as FSP, which is much safer than FTP.

The Lamahs-Guide to Pirating Software on the Internet -- 25 Dec 1994

File Service Protocol (FSP) - Similar in purpose to FTP but not for fucking retards

-- transilvian hunger

What David LaMacchia set up is not properly termed a BBS (it was an FSP site) and LaMacchia never referred to his FSP site as a BBS. The feds called it a "BBS" in the indictment, because they wanted to criminalize all illegal computer activities in the handy category of the evil "BBS".

-- 10 Apr 1994

The big push to eradicate child-pornography has led to a number of hackers being caught in the search for the "dirty old men" on the Internet. Baker was the Kentucky cop who was singularly responsible for the bust of the big kiddie-porn FSP site at the University of Birmingham in England back in April and got a lot of press coverage about it. But I had personally never considered that a cop could hack his way into a password-protected FSP site. And why would he care about something happening on the other side of the world? Hackers do it, but not cops...unless the cops are hackers. Hmmm...theories anyone?

-- Phrack 46

Most places I know of, if something like an FSP site was found, the Dean or equivalent would take the student to one side and give him a good verbal rap on the knuckles - maybe suspend his account for a time - and put him back on the straight and narrow with the fear of god in him.

-- 11 Apr 1994

Now, I have to watch all my guest users for fsp daemons. I've already wiped a few clients, but I have not seen and archives being created. Of course, I've also wiped muds, bots, sub-bbses and all kinds of yphack/ypbreak/ypsnarf/ypblah programs.

ANTI W|\REZ ASSOCIATION -- 08/14/93

The FSP protocol differs from FTP in that it uses UDP datagrams rather than TCP. This provides a stateless connection that minimizes load on the server. For those who know how to use them and prefer them, the older-style fsp commands are also available (although not recommended). These commands are: fcatcmd, fcdcmd, fgetcmd , fgrabcmd, flscmd, fmkdir, fprocmd, fput, frmcmd, frmdircmd , fver, fducmd, fhostcmd, and ffindcmd.

Unix manual -- 9/19/96

Despite all this, it remains true to its roots in warez, hackz, and phreakz... In the early days it was little more than a lonely mp3/crackz outpost running an anonymous FSP server on a blistering quick and expensive Pentium 100mhz *grin* That's right, FSP not FTP. If you have been around for a while you will remember FSP protocol.

KC Network --

As far as the guys saying how insecure fsp and ftp is because it is so easy for an admin to look at network statistics and notice the large amounts of traffic for software piracy, I find it funny those so much pirating is done without admins ever noticing. And it usually gets noticed because of lack of hard drive space, not amount of network traffic.

cyberpunks mailing list -- Sep 1993

Anyway, this guy was running a Warez d00dez (pronounced where ehz doood ehz) board on a machine in one of the labs. He ran a warez FSP site. Noone would have noticed, except someone remarked how the HD just never ever stopped running on one particular machine.

Brain21 -- 2 Feb 1996

FSP: FSP is simply another utility (similar to FTP) for transferring files. The commands are very much the same as for FTP. Read the online manual for specific instructions. FSP gives a sysop tighter control over a site since he can limit connections to specific IP addresses. This means that you have to register (usually involves sending some k00l warez) before you can use theprivate section of the site. You also must have a dedicated IP address, since it will do you no good to register an IP address you may not have every time you log on to your provider.

The Gnu-Warez Kidz' Guide to Pirating on the Internet -- 01/01/1996

FSP is a bit like anonymous FTP except that the protocol is connectionless and lightweight. It uses a non-forking server so it shouldn't result in too much load on the remote machine. I think it also uses UDP datagrams which are much more efficient than TCP sessions.

Christopher Fraser -- 30 Nov 1994

FSP is a very feature rich alternative to FTP when anonymous connections are all that is needed. While it never really caught on I loved this protocol. I don't know that it was intended as a sneaky way of transfering files, but it fit the bill pretty nicely.

Xamot -- Aug 15 2000

I believe is attributable to someone commenting on the old FSP protocol, perhaps Erik Fair: The Internet routes around damage.

Eliot Lear -- 18 Oct 2003

Providing FSP service is not going to make friends for you among remote system administrators, since the point of FSP is to allow people to transfer files after their sites have decided to block file transfers.

Building Internet Firewalls, First Edition -- November 1995

If you do not intend to offer an FSP service, examine your systems for UDP services available on port 21. NOTE: If a user offers an unauthorized FTP or FSP service on an unprivileged port, it may be difficult to detect the service without a port scan.

Anonymous FTP Abuses -- 1996

<historylesson>
FSP was popular because you could setup sites in your home directory, and run the daemon without root privs. FSP at the time was "important" for the role it temporarily played. It allowed people to 'casually' serve and retrieve files without needing a lot of infrastructure.

Back when FSP was 'hot', lots of people didn't have Linux servers laying around, or root access, or lots of bandwidth, or p2p gui tools. They had FTP which was a pain to setup in your home directory and sometimes wasn't configurable to non-priv ports, they had TFTP which didn't allow for any authentication.

So, while you bring up some interesting points about why FSP is obviated, since you weren't around when it was 'hot', you may lack the perspective to know why it was at one point useful.

If anything, P2P has really obviated FSP, not Rsync, SCP or SFTP. Rsync, SCP, and SFTP obviate FTP, but not FTP-SSL..
</historylesson>

Besides, who ever heard of an 'public underground rsync site' ? :)

Nathan Ramella -- 20-Aug-2003

I used to use FSP. I even hacked the source to dramatically shorten the time delay it waits between sending requests for data, to get faster service :)

There were 2 main reasons to use FSP:

  1. It used UDP, not TCP. Many monitoring/logging tools and firewalls back in the day only really had a tight control on TCP. Using UDP was a good way to slip under the wire.
  2. It deliberately kept its data rate very small. Something on the order of 2K per second. Even with a hacked client, the server simply wouldn't send data any faster than a certain cutoff point, and ignored any requests that came in faster than that. This data rate throttling was done, again, to help stay under the radar. Many sites were detected only because a huge upward spike in consumed bandwidth was noticed. Using FSP, a site could stay up for a much longer period of time before being caught and deleted.

Nowadays, we all have great P2P applications to make good use of UDP, and bandwidth usage is usually adjustable on them, so the main reasons to use FSP have gone away. Good riddance, I say, as it was truly a terrible protocol (think of XMODEM over IP)!

Krellan -- 20-Aug-2003

Back in the day, fsp was much better than ftp because it did not keep open connections per client, and used much less memory. This was very important when you had 100 request and only 8 meg of memory. Yes a server with 8 megs at one time was possible.

bradams -- 20-Aug-2003

I used to use fsp to download stuff from my shell account to my home box, over my 24x7 dialup line. fsp had very little effect on my other uses of the line, so I could have it downloading while I'm doing other stuff and not even notice. Other forms of file transfer would send my ping times up to about one second. Alas, I finally got rid of it when I got my cable modem. I considered keeping it around, but it just wasn't needed.

dougnc -- 21-Aug-2003

If you have more quotes about FSP, please send them to mailing list or to the developers. Thank you! We love them!