top of page

File Transfer Protocol

Acronym:

FTP

Full Name:

File Transfer Protocol

RFC:

959

Ports:

20-21 TCP

Level:

Protocol / Basic

domain name system- how it work, threats and mitigation

FTP Explanation

  • File Transfer Protocol FTP is the standard networking protocol used for sharing files over the Internet’s TCP/IP protocols.

  • Based on the client-server architecture, FTP uses Secure Sockets Layer (SSL)/Transport Layer Security(TLS) and Secure Shell (SSH) encryptions for data security.

  • FTP servers provide access to users through a simple login mechanism.

How FTP works

Passive Mode

Both control and data connections are made from the FTP client to the FTP server. The server specifies the server-side port that is open for the client. The client initiates the connection.



Active Mode

A control connection is made from the FTP client, and all data connections are made from the FTP server to the FTP client.
The client initially indicates which client-side port is open for the data channel. The server initiates the connection.





Top FTP attacks used by malicious actors

Anonymous Authentication

  • Exploitable when Anonymous authenticatin is permited.


Directory transversal attack

  • Normally can be:

    • Information disclousure.

    • Writing arbitrary files.


Cross-site scripting.

  • Can lead to the execution and injection of arbitrary and normally malicious HTML and JavaScript code in the user's browser.


Dridex-based malware attack.

  • Threat actors use compromised FTP servers instead of more usual HTTP links as download locations for malicious documents. This enables them to obtain the credentials of the compromised FTP site in the process.

Why Should you worry?

  • FTP does not encryp traffic. This menas that file transfer your upload/download are easy to intercept by a Man in The Middle (MiTM) attack or someone sniffing the network traffic.

What can you do?

  • Setup an SFTP or FTPS instead of a FTP server so the communications are encrypted.

  • In case of anonymous loging, block the source IP that is trying the loging to the server.

  • Disable anonymous loging on your server.

bottom of page