FTP

FTP is the File Transfer Protocol (RFC 959), used to transfer files to and from servers. Like Telnet, FTP provides no confidentiality or integrity: the username, password, commands, and file contents all cross the network in cleartext, so it should not be used to transfer sensitive data over insecure channels.

Note

When discussing insecure protocols such as Telnet and FTP, statements like “no confidentiality” assume that they are used with default settings, with no additional hardening or encryption (such as running them through an IPsec VPN tunnel). You may mitigate the lack of confidentiality by using Telnet or FTP over an encrypted VPN tunnel or by using SSH in their place, among other options. Also, “no integrity” means there is limited or no integrity at the application layer: a lower layer, such as the transport layer, may provide some integrity, but a TCP checksum only detects accidental corruption and gives no protection against deliberate tampering.

FTP uses two TCP connections. The control connection, over which the client sends commands and receives numbered replies, goes to server port 21 and stays open for the session. In “Active FTP” the client announces a listening port with the PORT command and the server opens the data connection (the one the file or directory listing actually crosses) from TCP port 20 to that port. Here are the two socket pairs (the next two examples use arbitrary ephemeral ports):

  • Client:1025 → Server:21 (Control Connection)
  • Server:20 → Client:1026 (Data Connection)

Notice that the data connection originates from the server, in the opposite direction of the control channel. This breaks the classic client-server data flow direction: from the client network's point of view it is an unsolicited inbound connection. Firewalls and NAT devices that only permit client-initiated connections (and are not FTP-aware) will drop it, breaking Active FTP. Passive FTP addresses this issue by keeping all connections flowing from client to server:

  • Client:1025 → Server:21 (Control Connection)
  • Client:1026 → Server:1025 (Data Connection)

After the client sends the PASV command, the server replies (a 227 reply) with the address and ephemeral port on which it is listening for the data connection; the client then makes the second connection to that port. Passive FTP is more likely to pass client-side firewalls cleanly, since both connections flow in the classic client-server direction. The cost moves to the server side: its firewall must accept inbound connections to the server's passive port range (or use an FTP-aware inspection module), so administrators usually configure a small fixed passive range and open only that.
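The PORT and PASV exchange described above, as an added example that is not part of the original page: a Python model of the two data connections and of a stateful firewall at the client's edge that only lets client-initiated connections through. The addresses, ports, and the PASV reply string are constructed for illustration; the parsing follows the RFC 959 formats.

```python
"""Active vs passive FTP data connections (added example, not from the page).

Implements the two RFC 959 pieces the text describes, the client's PORT
command and the server's 227 PASV reply, and models a firewall at the
client's edge that permits only connections the client itself initiated,
to show why active-mode data connections are dropped and passive ones pass.
All addresses and ports are constructed for illustration.
"""
import re
from typing import NamedTuple, Tuple


class Socket(NamedTuple):
    host: str
    port: int


class Connection(NamedTuple):
    src: Socket   # the side that sends the TCP SYN
    dst: Socket


_PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(reply: str) -> Socket:
    """Parse '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).' into the
    server's listening data socket. The port is encoded as p1*256 + p2."""
    if not reply.startswith("227"):
        raise ValueError(f"not a PASV success reply: {reply!r}")
    match = _PASV_RE.search(reply)
    if match is None:
        raise ValueError(f"malformed PASV reply: {reply!r}")
    fields = [int(x) for x in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"field out of range in PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = fields
    port = p1 * 256 + p2
    if port == 0:
        raise ValueError("server advertised port 0")
    return Socket(f"{h1}.{h2}.{h3}.{h4}", port)


def build_port_command(client_data: Socket) -> str:
    """Build the client's 'PORT h1,h2,h3,h4,p1,p2' command for active mode,
    announcing the socket on which the client is listening for the server."""
    octets = client_data.host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {client_data.host!r}")
    if not 0 < client_data.port <= 65535:
        raise ValueError(f"bad port: {client_data.port}")
    p1, p2 = divmod(client_data.port, 256)
    return "PORT " + ",".join(octets + [str(p1), str(p2)])


def active_data_connection(client_data: Socket, server_ip: str) -> Tuple[str, Connection]:
    """Active mode: the client sends PORT, then the server opens the data
    connection from its port 20 to the announced client socket."""
    return build_port_command(client_data), Connection(Socket(server_ip, 20), client_data)


def passive_data_connection(client_data: Socket, pasv_reply: str) -> Connection:
    """Passive mode: the client sends PASV, the server answers with a listening
    socket, and the client opens the data connection to it."""
    return Connection(client_data, parse_pasv_reply(pasv_reply))


def client_firewall_allows(conn: Connection, client_ip: str) -> bool:
    """A stateful firewall in front of the client that permits outbound
    connections (and their return traffic) but drops any new inbound TCP
    connection: only connections the client initiates get through."""
    return conn.src.host == client_ip


if __name__ == "__main__":
    client = Socket("10.0.0.5", 1026)    # constructed client data socket
    server_ip = "192.0.2.10"             # constructed server address
    cmd, active = active_data_connection(client, server_ip)
    print(cmd, "->", active, "allowed:", client_firewall_allows(active, client.host))
    passive = passive_data_connection(client, "227 Entering Passive Mode (192,0,2,10,4,1).")
    print("PASV ->", passive, "allowed:", client_firewall_allows(passive, client.host))
```

Parsing the PASV reply is where real clients diverge from the RFC: a server behind NAT often advertises its private address, so many clients ignore the address fields and connect to the control connection's peer address using only the advertised port.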

TFTP

TFTP is the Trivial File Transfer Protocol (RFC 1350), which runs over UDP. The server listens on UDP port 69 for the initial read or write request and then answers from a freshly chosen ephemeral port (its transfer identifier), so only the first packet of a transfer is addressed to port 69. It provides a simpler way to transfer files and is often used for saving router configurations or “bootstrapping” (downloading an operating system image) over a network by diskless workstations.

TFTP has no authentication and no directory tree: every request names a file in the single directory the server exports, conventionally /tftpboot, and the server never asks who is requesting it. There is also no confidentiality or integrity (the UDP checksum only catches accidental corruption). Like Telnet and FTP, TFTP is not recommended for transferring sensitive data over an insecure channel; a TFTP server that holds device configurations offers a cleartext copy of them to anyone who can reach port 69.
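The packet layout behind this, as an added example that is not part of the original page: a Python encoder and decoder for the RFC 1350 request, DATA and ACK packets, including the end-of-transfer rule for files whose length is an exact multiple of 512 bytes. The filename and file contents below are constructed; the point the bytes make is that a request carries nothing but a filename and a transfer mode.

```python
"""TFTP packet format per RFC 1350 (added example, not from the page).

Encodes and decodes request, DATA and ACK packets so the point in the
text is visible in the bytes: a request carries only a filename and a
transfer mode, with no field for credentials, and the transfer's only
framing is a 16-bit block number plus a short final block.
The filename and file contents used below are constructed.
"""
import struct
from typing import Iterable, List, Tuple

OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512  # default data block; a block shorter than this ends the transfer


def encode_request(opcode: int, filename: str, mode: str = "octet") -> bytes:
    """RRQ/WRQ: 2-byte opcode, filename, NUL, mode, NUL. Nothing else."""
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError(f"not a request opcode: {opcode}")
    if "\0" in filename or "\0" in mode:
        raise ValueError("NUL terminates a field and cannot appear inside one")
    return (struct.pack("!H", opcode)
            + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def decode_request(pkt: bytes) -> Tuple[int, str, str]:
    """Return (opcode, filename, mode) from an RRQ/WRQ packet."""
    if len(pkt) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", pkt[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError(f"not a request opcode: {opcode}")
    fields = pkt[2:].split(b"\0")
    if len(fields) < 3 or fields[-1] != b"":
        raise ValueError("expected NUL-terminated filename and mode")
    return opcode, fields[0].decode("ascii"), fields[1].decode("ascii").lower()


def encode_data(block: int, payload: bytes) -> bytes:
    """DATA: opcode 3, 16-bit block number (wraps for large files), payload."""
    if len(payload) > BLOCK_SIZE:
        raise ValueError("payload exceeds block size")
    return struct.pack("!HH", OP_DATA, block & 0xFFFF) + payload


def decode_data(pkt: bytes) -> Tuple[int, bytes, bool]:
    """Return (block, payload, is_last); a payload shorter than 512 bytes is the final block."""
    if len(pkt) < 4:
        raise ValueError("packet too short")
    opcode, block = struct.unpack("!HH", pkt[:4])
    if opcode != OP_DATA:
        raise ValueError(f"not a DATA packet: opcode {opcode}")
    payload = pkt[4:]
    return block, payload, len(payload) < BLOCK_SIZE


def encode_ack(block: int) -> bytes:
    """ACK: opcode 4 and the block number being acknowledged."""
    return struct.pack("!HH", OP_ACK, block & 0xFFFF)


def file_to_data_packets(content: bytes) -> List[bytes]:
    """Split a file into DATA packets as a server sends them. A file whose length
    is a multiple of 512 needs a trailing empty DATA packet, otherwise the client
    cannot tell that the transfer has ended."""
    packets = [encode_data(i + 1, content[off:off + BLOCK_SIZE])
               for i, off in enumerate(range(0, len(content), BLOCK_SIZE))]
    if len(content) % BLOCK_SIZE == 0:
        packets.append(encode_data(len(packets) + 1, b""))
    return packets


def reassemble(packets: Iterable[bytes]) -> bytes:
    """Client side: accept blocks in order and stop at the first short block."""
    out = bytearray()
    expected = 1
    for pkt in packets:
        block, payload, last = decode_data(pkt)
        if block != (expected & 0xFFFF):
            raise ValueError(f"block {block} out of order, expected {expected & 0xFFFF}")
        out += payload
        expected += 1
        if last:
            return bytes(out)
    raise ValueError("transfer ended without a final short block")


if __name__ == "__main__":
    rrq = encode_request(OP_RRQ, "router.cfg")   # constructed filename
    print(rrq, decode_request(rrq))
    for p in file_to_data_packets(b"A" * 1000):  # constructed 1000-byte file
        block, payload, last = decode_data(p)
        print("block", block, "bytes", len(payload), "last" if last else "")
```

Every field a server can act on is in `encode_request`: the opcode, a filename and a mode. There is no place to put a credential, which is why access control for TFTP has to come from the network (which hosts may reach the server) rather than from the protocol.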

SSH

SSH was designed as a secure replacement for Telnet, FTP, and the UNIX “R” commands (rlogin, rsh, rcp, etc.). It provides confidentiality, integrity, and secure authentication of both the server (by its host key) and the user, among other features. SSH includes SFTP (the SSH File Transfer Protocol, a separate file-transfer protocol carried over SSH, not FTP tunneled through SSH) and SCP (Secure Copy) for transferring files. SSH can also be used to securely tunnel other protocols, such as HTTP, through port forwarding. SSH servers listen on TCP port 22 by default.

SSH version 1 was the original version, which has since been found vulnerable to man-in-the-middle attacks, among other weaknesses. SSH version 2 is the current version of the protocol and is recommended over SSHv1, Telnet, or FTP; current OpenSSH releases no longer implement SSHv1 at all.