Parsing security risks in FTP File Transfer Protocol

Source: Internet
Author: User

Many of the protocols in the TCP/IP suite have security problems of one kind or another. This article looks at the security issues of the FTP File Transfer Protocol, with the aim of clarifying the principles behind them.

1. FTP Port Mode

FTP Port mode causes many problems for network administrators. First, the encoding of the IP address and port number in the PORT command message is not straightforward. In addition, application-layer protocol commands should not, in theory, contain network address information (here, the IP address), because this breaks the protocol layering principle and may cause coordination and security issues.
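The PORT argument encoding described above, as an added example that is not part of the original article: a decoder for the six comma-separated fields, plus two defender-side checks on the result. The function names, the two checks (data address must equal the control-connection peer, data port must not be below 1024) and the sample lines are assumptions of this example.

```python
import ipaddress
import re

# PORT argument: six decimal bytes h1,h2,h3,h4,p1,p2 (RFC 959).
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$", re.IGNORECASE)


def parse_port(line):
    """Decode a PORT command into (ip, port); raise ValueError if malformed."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a well-formed PORT command")
    fields = [int(f) for f in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range 0-255")
    ip = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return ip, port


def check_port(line, control_peer):
    """Return findings for a PORT command seen on a control connection
    whose client address is control_peer (hypothetical policy checks)."""
    ip, port = parse_port(line)
    findings = []
    if ip != ipaddress.IPv4Address(control_peer):
        findings.append(f"data address {ip} differs from control peer {control_peer}")
    if port < 1024:
        findings.append(f"data port {port} is in the well-known range")
    return findings


# Constructed sample lines (documentation address ranges, not from the article).
SAMPLES = [
    ("PORT 192,0,2,10,195,80\r\n", "192.0.2.10"),  # address matches the peer
    ("PORT 198,51,100,7,0,25\r\n", "192.0.2.10"),  # other host, low port
]

if __name__ == "__main__":
    for line, peer in SAMPLES:
        print(parse_port(line), check_port(line, peer))
```

A server or firewall applying these checks rejects a PORT command that points the data connection at a host other than the client that issued it.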

2. Plaintext transmission of user names and passwords

Another notorious issue with the FTP File Transfer Protocol is that it sends user names and passwords in plaintext, that is, unencrypted. Anyone who places a protocol analyzer at a suitable point in the network can see the user name and password. FTP data is also transmitted in plaintext: by monitoring FTP connections and collecting the traffic, an observer can reconstruct the transferred data and replay the protocol connection. Worse, many users use the same user name and password in different applications. If hackers collect FTP passwords, they may also get the passwords for your online accounts or other confidential data.

3. Work on the TCP layer

The FTP File Transfer Protocol is built on TCP. To make FTP transmission reliable, TCP must establish a connection-oriented bit stream, divide user data into segments, set a timer when sending data (used for timeout retransmission), acknowledge data received from the other party (the acknowledgment can be carried on a data packet), reorder the received data, discard duplicate packets, provide end-to-end flow control (the TCP sliding window protocol, for efficient transfer of bulk data), and calculate and verify an end-to-end checksum.

4. Work on the IP layer

The IP layer determines the route (there are three kinds: host route, network route, and default route). Once the route is determined, ICMP reports error information and other conditions that need attention.

5. Work on the data link layer

The MAC address of the target host is looked up in the ARP table. If it is not there, it is learned through ARP request/response packets.

6. Work on the physical layer

Transmit the raw bit stream over the communication channel.

The following is a specific example to illustrate this process.

Suppose three Ethernet networks (SUN, MOON, WATER) are connected to a router (ROUTE). The first two IP addresses are both 10.0.

Assume that E is the FTP File Transfer Protocol server, and A accesses E as the FTP client.

 
